Description
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.
Published: 2026-06-08
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the web interface of certain D-Link DGS‑1100‑08PD routers allows an attacker to manipulate the /etc/boa.conf file, leading to a least‑privilege violation. The vulnerability is tied to improper authorization checks (CWE‑266) and insufficient privilege separation (CWE‑272). As a result, an attacker who succeeds in modifying this file could alter configuration settings or elevate privileges for subsequent attacks, potentially compromising the confidentiality, integrity, or availability of the device.

Affected Systems

D‑Link DGS‑1100‑08PD routers running firmware version 1.00.006 are affected. No other versions or models are reported to be vulnerable in the available data.

Risk and Exploitability

The CVSS score of 6.3 categorizes the risk as medium. Although the EPSS score is not available, the advisory states that a publicly available exploit exists, making the vulnerability realistic to mount under the right conditions. The attack is remote, requiring a high level of complexity and difficult to execute, but not impossible. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed exploitation yet, yet the public availability of an exploit warrants caution.

Generated by OpenCVE AI on June 8, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware released by D‑Link that contains the fix for the /etc/boa.conf privilege issue.
  • Restrict access to the router’s web management interface, limiting connections to known LAN hosts or VPN tunnel endpoints and blocking direct internet exposure.
  • Configure the file system so that /etc/boa.conf is writable only by the root user; disable write access for the web interface process and consider disabling the web UI when it is not required.

Generated by OpenCVE AI on June 8, 2026 at 19:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.
Title D-Link DGS-1100-08PD Web boa.conf least privilege violation
First Time appeared D-link
D-link dgs-1100-08pd
Weaknesses CWE-266
CWE-272
CPEs cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:*
Vendors & Products D-link
D-link dgs-1100-08pd
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dgs-1100-08pd
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T17:45:13.723Z

Reserved: 2026-06-08T05:53:11.594Z

Link: CVE-2026-11555

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T18:16:32.863

Modified: 2026-06-08T18:16:32.863

Link: CVE-2026-11555

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T19:30:06Z

Weaknesses