CVE-2026-11492 PUBLISHED

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

• L-14 (VulDB User) reporter

• VDB-369112 | D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
• VDB-369112 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-11492 | CVE Analysis and Report
• Submit #834816 | D-Link DIR823G V1.0.2B05_20181207 Misconfiguration
• https://www.notion.so/D-Link-DIR823G-V1-0-2B05_20181207-3671f5ba989080ac97fdc36d2fb5e57d?source=copy_link
• https://www.dlink.com/

• Least Privilege Violation CWE
• Incorrect Privilege Assignment CWE