CVE-2026-11497

D-Link DCS-5615 Boa Webserver boa.conf least privilege violation

CVSS 6.9 MEDIUMEPSS 0.4%CWE-266 CWE-272

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

D-Link · DCS-5615

public PoCs found — 1

cve_referencewww.notion.so/D-link-DCS-5615_REV_1-01-00-3670ed14e5cb80e9be78f7d8dbf1e789?source=copy_linkunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/cve/CVE-2026-11497 https://vuldb.com/submit/834823 https://vuldb.com/vuln/369117 https://vuldb.com/vuln/369117/cti https://www.dlink.com/https://www.notion.so/D-link-DCS-5615_REV_1-01-00-3670ed14e5cb80e9be78f7d8dbf1e789?source=copy_link