Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
D-Link DIR-868L DIR-868L: Remote Command Injection Risk via SSDP Service
CVE-2026-3485
Summary
A security flaw in the D-Link DIR-868L's SSDP Service allows an attacker to execute unauthorized commands on the device remotely. This affects older, unsupported versions of the device, which means there are no further security updates available. To minimize risk, consider replacing the device with a supported model.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dlink | dir-868l_firmware | 110b03 | – |
Original title
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible ...
Original description
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
- https://kn0sinna.notion.site/dlink-dir-868l-ssdp-command-injection-30eb1876cd6e8... Exploit Third Party Advisory
- https://vuldb.com/?ctiid.348560 Permissions Required VDB Entry
- https://vuldb.com/?id.348560 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.764759 Third Party Advisory VDB Entry
- https://www.dlink.com/ Product
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026