← volver
CVE-2026-3485

D-Link DIR-868L SSDP Service sub_1BF84 os command injection

CVSS 9.3 CRITICALEPSS 4.7%CWE-77CWE-78
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Productos afectados
D-Link · DIR-868L
PoCs públicas encontradas1
cve_referencekn0sinna.notion.site/dlink-dir-868l-ssdp-command-injection-30eb1876cd6e80caa691de6fe5cab59cno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://kn0sinna.notion.site/dlink-dir-868l-ssdp-command-injection-30eb1876cd6e80caa691de6fe5cab59chttps://vuldb.com/?ctiid.348560https://vuldb.com/?id.348560https://vuldb.com/?submit.764759https://www.dlink.com/