{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-11497","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-06-07T13:18:25.746Z","datePublished":"2026-06-08T06:30:10.399Z","dateUpdated":"2026-06-09T14:51:12.227Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-06-08T06:30:10.399Z"},"title":"D-Link DCS-5615 Boa Webserver boa.conf least privilege violation","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-272","lang":"en","description":"Least Privilege Violation"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"D-Link","product":"DCS-5615","versions":[{"version":"1.01.00","status":"affected"}],"cpes":["cpe:2.3:h:d-link:dcs-5615:*:*:*:*:*:*:*:*"],"modules":["Boa Webserver"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-06-07T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-06-07T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-06-07T15:23:29.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"yinfantasy (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/vuln/369117","name":"VDB-369117 | D-Link DCS-5615 Boa Webserver boa.conf least privilege violation","tags":["vdb-entry"]},{"url":"https://vuldb.com/vuln/369117/cti","name":"VDB-369117 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/cve/CVE-2026-11497","name":"CVE-2026-11497 | CVE Analysis and Report","tags":["third-party-advisory"]},{"url":"https://vuldb.com/submit/834823","name":"Submit #834823 | D-link DCS-5615 1.01.00 Misconfiguration","tags":["third-party-advisory"]},{"url":"https://www.notion.so/D-link-DCS-5615_REV_1-01-00-3670ed14e5cb80e9be78f7d8dbf1e789?source=copy_link","tags":["exploit"]},{"url":"https://www.dlink.com/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-09T14:51:00.140535Z","id":"CVE-2026-11497","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-09T14:51:12.227Z"}}]}}