Is there a public PoC exploit available for CVE-2026-11492?

Yes, a public proof-of-concept exploit is available for CVE-2026-11492. Prioritise patching immediately. EPSS: 0.0%.

D-Link DIR-823G CVE-2026-11492

Q: What is the CVSS score of CVE-2026-11492?

CVE-2026-11492 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-35023 LOW

Least Privilege Violation (CWE-272)

2026-06-08 VulDB

GHSA-rhp9-667x-7qvw

Information Disclosure D-Link

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Jun 08, 2026 - 07:22 NVD

MEDIUM LOW

CVSS changed

Jun 08, 2026 - 07:22 NVD

4.3 (MEDIUM) 2.1 (LOW)

Analysis Generated

Jun 08, 2026 - 06:52 vuln.today

DescriptionCVE.org

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Least privilege violation in D-Link DIR-823G firmware version 1.0.2B05 exposes the vsftpd FTP daemon configuration file (/etc/vsftpd.conf) to manipulation by network-accessible, low-privileged authenticated users, enabling unauthorized modification of FTP service behavior. The CVSS vector (AV:N/AC:L/PR:L/UI:N/I:L) confirms this is remotely exploitable with low complexity by any authenticated user, resulting in limited integrity impact. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain low-privilege router credentials

Delivery

Authenticate to DIR-823G remotely

Exploit

Manipulate /etc/vsftpd.conf via vulnerable function

Execution

Escalate FTP service permissions beyond authorized level

Impact

Leverage modified FTP config for further access

Access

Obtain low-privilege router credentials

Delivery

Authenticate to DIR-823G remotely

Exploit

Manipulate /etc/vsftpd.conf via vulnerable function

Execution

Escalate FTP service permissions beyond authorized level

Impact

Leverage modified FTP config for further access

Vulnerability AssessmentAI

Exploitation	Exploitation requires an authenticated session with low-level privileges on the D-Link DIR-823G (PR:L per CVSS vector) - unauthenticated remote exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The overall real-world risk is moderate-to-low despite the public POC. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has obtained low-privileged authenticated access to the DIR-823G router - for example, via a guest FTP account or a compromised user credential - sends a crafted request or manipulates the /etc/vsftpd.conf configuration file to alter FTP service behavior beyond their authorized privilege level. A publicly available proof-of-concept has been released (referenced at the Notion link in the VulDB submission), lowering the skill bar for exploitation. …
Remediation	No vendor-released patch has been identified for this vulnerability at time of analysis - the remediation level in the CVSS vector is RL:X (undefined), and no D-Link advisory was found at https://www.dlink.com/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12174 HIGH This Week POC

7.4 Jun 13

Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt me

CVE-2026-11492 vulnerability details – vuln.today

Back