CVE-2026-11555

D-Link DGS-1100-08PD Web boa.conf least privilege violation

CVSS 6.3 MEDIUMEPSS 0.4%CWE-266 CWE-272

A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

D-Link · DGS-1100-08PD

public PoCs found — 1

cve_referencewww.notion.so/D-link-DGS-1100-08PD-v1-00-006-3670ed14e5cb80848bc4e3129dfafa29?source=copy_linkunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/cve/CVE-2026-11555 https://vuldb.com/submit/834824 https://vuldb.com/vuln/369165 https://vuldb.com/vuln/369165/cti https://www.dlink.com/https://www.notion.so/D-link-DGS-1100-08PD-v1-00-006-3670ed14e5cb80848bc4e3129dfafa29?source=copy_link