Skip to main content

Dir 823G

1 CVEs product

Monthly

CVE-2026-15270 MEDIUM POC This Month

Least-privilege violation in the D-Link DIR-823G router (firmware 1.0.2B05_20181207) stems from insecure configuration of the Boa web server via /etc/boa/boa.conf, allowing an authenticated remote attacker to abuse over-broad privileges to compromise confidentiality, integrity, and availability. Publicly available exploit code exists, but the CVSS 4.0 vector rates attack complexity high (AC:H) and vendor guidance notes exploitation is difficult; there is no public exploit identified as actively exploited (not in CISA KEV). EPSS data was not supplied, but the low-privilege network vector combined with full CIA impact makes this a meaningful risk on exposed devices.

D-Link Information Disclosure Dir 823G
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Least-privilege violation in the D-Link DIR-823G router (firmware 1.0.2B05_20181207) stems from insecure configuration of the Boa web server via /etc/boa/boa.conf, allowing an authenticated remote attacker to abuse over-broad privileges to compromise confidentiality, integrity, and availability. Publicly available exploit code exists, but the CVSS 4.0 vector rates attack complexity high (AC:H) and vendor guidance notes exploitation is difficult; there is no public exploit identified as actively exploited (not in CISA KEV). EPSS data was not supplied, but the low-privilege network vector combined with full CIA impact makes this a meaningful risk on exposed devices.

D-Link Information Disclosure Dir 823G
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy