CVE-2026-3485

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

8.9HIGH

EPSS

0.4%

top 39.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-868l Dlink Dir-868l Firmware

Timeline

PublishedMar 3

Description

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-868l110b03

▶NVDdlink/dir-868l_firmware110b03

🔴Vulnerability Details

GHSA

GHSA-293m-75qg-jwrv: A flaw has been found in D-Link DIR-868L 110b03↗2026-03-03

▶

CVEList

D-Link DIR-868L SSDP Service sub_1BF84 os command injection↗2026-03-03

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS D-Link SSDP ST Header Command Injection Attempt (CVE-2025-10629, CVE-2026-3485)↗2025-09-18

▶