By weakness (CWE)
CWE-272: related vulnerabilities
CVEs classified under CWE-272. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
6 published vulnerabilities
- CVE-2026-11497MEDIUM 5.3
A vulnerability exists in D-Link DCS-5615 network camera firmware version 1.01.00 affecting the Boa web server configuration. An unauthenticated remote attacker can manipulate the web server settings to escalate privileges or modify system functionality without proper authorization. The vulnerability requires no special interaction from the user and can be exploited over the network. While the technical impact is bounded to integrity violations, the ability to alter web server configuration on a networked device introduces operational risk, particularly in environments where the camera serves as a network endpoint with security implications.
- CVE-2026-11620MEDIUM 5.3
TOTOLINK has released a vulnerability in the EX200 router (version 4.0.3c.7646) that allows an attacker to manipulate vsftpd configuration files remotely without authentication, potentially bypassing security restrictions. The flaw resides in how the device handles file permissions or access controls for the FTP service configuration, enabling an unauthenticated attacker over the network to make unauthorized changes that could weaken the router's security posture.
- CVE-2026-11492MEDIUM 4.3
A vulnerability in the D-Link DIR-823G router (firmware version 1.0.2B05) allows an authenticated attacker to modify the vsftpd configuration file in a way that violates least privilege protections. The flaw can be exploited remotely by someone with valid login credentials. While the barrier to entry requires authentication, the impact is a privilege escalation that could allow an attacker to exceed their intended access level on the device.
- CVE-2026-11494MEDIUM 4.3
A privilege escalation vulnerability has been discovered in TOTOLIK AC1200 T8 running firmware version 4.1.5cu.8611. The flaw resides in the vsftpd (Very Secure FTP Daemon) configuration file and allows an authenticated attacker to modify settings in a way that violates the principle of least privilege. While the vulnerability requires valid login credentials to exploit, successful attacks could lead to unauthorized configuration changes that broaden attacker capabilities on the device. Public disclosure of this issue means exploitation techniques are available in the wild.
- CVE-2026-11554MEDIUM 4.3
A privilege escalation weakness has been identified in TOTOLINK CP450 version 4.1.0cu.747 affecting the vsftpd FTP service configuration. An authenticated attacker can modify the /etc/vsftpd.conf file in a way that violates the principle of least privilege, potentially allowing them to expand their access or capabilities on the device. The vulnerability requires valid login credentials to exploit, but once leveraged, could enable unauthorized actions. Public details about this issue are already available, increasing the likelihood of active exploitation.
- CVE-2026-11555LOW 3.7
A privilege escalation vulnerability exists in D-Link's DGS-1100-08PD switch running firmware version 1.00.006. The issue resides in how the web interface processes the /etc/boa.conf configuration file, potentially allowing an attacker to modify system settings in ways that bypass normal access restrictions. While a public exploit exists, successful exploitation requires significant technical skill and specific conditions to align. The impact is limited to integrity violations—an attacker cannot read sensitive data or crash the device, only make unauthorized configuration changes.