CVE-2026-3485
OS Command Injection in D-Link DIR-868L SSDP Service
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-868l_firmware | 110b03 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3485 is a critical OS command injection vulnerability found in the D-Link DIR-868L router, version 110b03, specifically within the SSDP Service component's function sub_1BF84.
The vulnerability arises from improper handling of the ST argument, which allows an attacker to inject and execute arbitrary operating system commands remotely without any authentication.
This flaw corresponds to CWE-78, where externally influenced input is used to construct OS commands without proper neutralization of special characters, compromising the device's confidentiality, integrity, and availability.
The affected products are no longer supported by the manufacturer. [1, 2]
How can this vulnerability impact me?
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted request to the SSDP service, allowing them to execute arbitrary operating system commands on the affected device.
This can lead to full system compromise, affecting the confidentiality, integrity, and availability of the device.
Since the device is no longer supported, no known mitigations or countermeasures exist, making replacement with alternative hardware the recommended action.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or suspicious SSDP service requests that include manipulated ST arguments, which may indicate attempts to exploit the OS command injection flaw.
Since the vulnerability involves sending specially crafted request headers to the SSDP service, network traffic analysis tools can be used to inspect SSDP packets for abnormal ST values.
No specific detection commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
There are no known mitigations or countermeasures for this vulnerability.
The recommended immediate step is to replace the affected D-Link DIR-868L 110b03 device with alternative hardware that is supported and not vulnerable.