CVE-2026-3485 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 4, 2026
D-Link DIR-868L - Command Injection
Overview
D-Link DIR-868L 110b03 contains a command injection caused by manipulation of the "ST" argument in SSDP Service sub_1BF84 function, letting remote attackers execute OS commands, exploit requires network access.
Severity & Score
Impact
Remote attackers can execute arbitrary OS commands, potentially leading to full system compromise.
Mitigation
Upgrade to the latest supported version or replace the device as it is no longer supported.
References
Social Media Activity(2 posts)
š“ CVE-2026-3485 - Critical (9.8) A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has b... š https://www.thehackerwire.com/vulnerability/CVE-2026-3485/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
ā ļø CRITICAL: CVE-2026-3485 enables remote OS command injection in D-Link DIR-868L (110b03) via SSDP (UPnP). Exploit is public, no patch. Replace or isolate device ASAP ā block SSDP, monitor traffic. https://radar.offseq.com/threat/cve-2026-3485-os-command-injection-in-d-link-dir-8-905d15ee #OffSeq #CVE20263485 #RouterSecurity #Vuln
View original postRelated Resources
Details
- CVE ID
- CVE-2026-3485
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- command_injection
- Status
- confirmed
- EPSS
- 33.0%
- Social Posts
- 2
CWE
- CWE-77
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H