PatchSiren

CVE-2026-11492 D-Link CVE debrief

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05, specifically in the vsftpd component. This flaw leads to a least privilege violation and can be exploited remotely. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 2.1, indicating a low severity.

Vendor: D-Link
Product: DIR-823G
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-09
Advisory published: 2026-06-08
Advisory updated: 2026-06-09

Who should care

Administrators and users of D-Link DIR-823G 1.0.2B05 devices should be aware of this vulnerability and take necessary precautions to mitigate the risk.

Technical summary

The vulnerability affects unspecified functionality associated with the file /etc/vsftpd.conf of the vsftpd component; the record does not identify the function involved. Manipulating it results in a least privilege violation. The attack can be initiated remotely, and the exploit has been released to the public.

Defensive priority

Low

Recommended defensive actions

  • Update to the latest firmware version if available.
  • Restrict access to the vsftpd component.
  • Monitor for suspicious activity on the device.

Evidence notes

The CVE record for this vulnerability can be found at [cve-org]. The NVD detail page for this vulnerability is available at [nvd].

Official resources

CVE-2026-11492 was published on 2026-06-08T07:16:26.850Z and modified on 2026-06-09T16:17:15.573Z.