D-Link DIR-868L OS Command Injection Vulnerability in SSDP Service

Vulnerability

A critical OS command injection vulnerability has been identified in the D-Link DIR-868L router, specifically in the SSDP service function 'sub_1BF84'. This vulnerability arises from improper handling of the 'ST' argument, allowing remote, unauthenticated attackers to execute arbitrary OS commands. The issue affects version 110b03 of the DIR-868L model, which is no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for pre-authentication OS command injection, with the potential for full system compromise.

Added: Mar 3, 2026, 9:18 PM

Updated: Mar 3, 2026, 9:54 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

3.4

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

3.4

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-868L OS Command Injection Vulnerability in SSDP Service

Vulnerability

Impact

Affected Products

D-Link DIR-868L

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating