PatchSiren cyber security CVE debrief

CVE-2026-11497 D-Link CVE debrief

CVE-2026-11497 is a medium severity vulnerability in D-Link DCS-5615 1.01.00. The vulnerability affects an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver, allowing for least privilege violation. The attack can be executed remotely and has been disclosed to the public.

Vendor: D-Link
Product: DCS-5615
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-09
Advisory published: 2026-06-08
Advisory updated: 2026-06-09

Who should care

Users of D-Link DCS-5615 1.01.00 should be aware of this vulnerability and take the necessary actions to mitigate it.

Technical summary

The vulnerability has a CVSS score of 5.5 and is classified as CWE-266 and CWE-272. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by the vendor (see the vendor advisory).
  • Review and restrict access to the /etc/conf.d/boa/boa.conf file.
  • Monitor for suspicious activity on the Boa Webserver.

Evidence notes

The vulnerability and its exploit have been disclosed to the public, and the exploit may be used.

Official resources

CVE-2026-11497 was published on 2026-06-08T09:16:29.517Z and modified on 2026-06-09T16:16:48.267Z.