CVE-2026-3485
Awaiting Analysis Awaiting Analysis - Queue
OS Command Injection in D-Link DIR-868L SSDP Service

Publication date: 2026-03-03

Last updated on: 2026-03-04

Assigner: VulDB

Description
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-04
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3485
EUVD
EUVD-2026-9322
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-868l_firmware 110b03
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-3485 is a critical OS command injection vulnerability found in the D-Link DIR-868L router, version 110b03, specifically within the SSDP Service component's function sub_1BF84."}, {'type': 'paragraph', 'content': 'The vulnerability arises from improper handling of the ST argument, which allows an attacker to inject and execute arbitrary operating system commands remotely without any authentication.'}, {'type': 'paragraph', 'content': "This flaw corresponds to CWE-78, where externally influenced input is used to construct OS commands without proper neutralization of special characters, compromising the device's confidentiality, integrity, and availability."}, {'type': 'paragraph', 'content': 'The affected products are no longer supported by the manufacturer.'}] [1, 2]

Impact Analysis

An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted request to the SSDP service, allowing them to execute arbitrary operating system commands on the affected device.

This can lead to full system compromise, affecting the confidentiality, integrity, and availability of the device.

Since the device is no longer supported, no known mitigations or countermeasures exist, making replacement with alternative hardware the recommended action.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for unusual or suspicious SSDP service requests that include manipulated ST arguments, which may indicate attempts to exploit the OS command injection flaw.

Since the vulnerability involves sending specially crafted request headers to the SSDP service, network traffic analysis tools can be used to inspect SSDP packets for abnormal ST values.

No specific detection commands are provided in the available resources.

Mitigation Strategies

There are no known mitigations or countermeasures for this vulnerability.

The recommended immediate step is to replace the affected D-Link DIR-868L 110b03 device with alternative hardware that is supported and not vulnerable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3485. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart