CRITICALCVE-2026-3485Published 2026-03-03Modified 2026-03-03CNA VulDB

CVE-2026-3485: D-Link DIR-868L SSDP Service sub_1BF84 os command injection

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

D-Link / DIR-868L
110b03

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-348560 | D-Link DIR-868L SSDP Service sub_1BF84 os command injection
VDB-348560 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #764759 | D-Link dir-868I REVA1_FW110b03 OS Command Injection
kn0sinna.notion.site
dlink.com

Metrics