CVE-2026-3485
D-Link · DIR-868L Router
An OS command injection vulnerability in the D-Link DIR-868L SSDP service allows unauthenticated remote attackers to execute arbitrary commands via the ST argument.
Executive summary
The D-Link DIR-868L router is subject to a critical remote command injection vulnerability in its SSDP service, which is currently being exploited by attackers using publicly available code.
Vulnerability
An OS command injection flaw exists in the sub_1BF84 function of the SSDP service component. An unauthenticated remote attacker can manipulate the ST argument to execute arbitrary system commands with elevated privileges.
Business impact
The impact of this vulnerability is catastrophic, reflected in its CVSS score of 9.8. A successful exploit gives an attacker full control over the router, potentially leading to network interception, data theft, and lateral movement into the internal network. Because this product is end-of-life (EOL), no further security updates will be provided, leaving the hardware permanently vulnerable.
Remediation
Immediate Action: Discontinue use of the D-Link DIR-868L and replace it with a currently supported model that receives regular security updates.
Proactive Monitoring: Review network traffic for unauthorized outbound connections or unusual UPnP/SSDP activity originating from the device.
Compensating Controls: If immediate replacement is impossible, disable the SSDP service and place the device behind a strict firewall that blocks external access to the management interfaces. Because the flaw is in the SSDP service itself rather than the web management interface, the firewall must also block SSDP (UDP port 1900) from any untrusted network, not only the management ports.
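The Proactive Monitoring item above asks for a review of unusual SSDP activity. The following is an added example of the kind of check a defender could run over captured UDP/1900 datagrams; it is not D-Link code and not part of the original advisory. It parses SSDP M-SEARCH requests, extracts the ST header the advisory names, and flags values that are oversized, contain shell metacharacters, or do not match the search-target forms defined by the UPnP Device Architecture (ssdp:all, upnp:rootdevice, uuid:..., urn:...:device|service:...). The sample datagrams and source addresses are constructed for the example.

```python
"""Flag anomalous ST headers in SSDP M-SEARCH datagrams (defender-side detection).

Added example, not vendor code. Assumes datagrams have already been captured
from UDP/1900 (packet capture, UPnP-aware sensor) and are handed in as bytes
together with the source address that sent them.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Allowlist of ST forms defined by the UPnP Device Architecture.
VALID_ST = re.compile(
    r"^(?:ssdp:all"
    r"|upnp:rootdevice"
    r"|uuid:[A-Za-z0-9-]+"
    r"|urn:[A-Za-z0-9.-]+:(?:device|service):[A-Za-z0-9._-]+:[A-Za-z0-9._-]+)$"
)
# Characters that have no place in a search target but do in a shell command line.
SHELL_META = re.compile(r"[;|&$`\\<>(){}\n\r]")
MAX_ST_LEN = 128  # assumed sane upper bound; legitimate search targets are far shorter


@dataclass
class Finding:
    src: str
    st: str
    reasons: List[str]


def parse_ssdp(datagram: bytes) -> Optional[Tuple[str, dict]]:
    """Return (method, headers) for an HTTPU-style SSDP datagram, or None if unparseable."""
    lines = datagram.decode("latin-1").split("\r\n")
    if not lines or " " not in lines[0]:
        return None
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        if ":" not in line:   # tolerate junk lines rather than failing the whole datagram
            continue
        name, value = line.split(":", 1)
        headers[name.strip().upper()] = value.strip()
    return method, headers


def assess_st(st: str) -> List[str]:
    """Return the list of reasons an ST value looks suspicious (empty list = benign)."""
    reasons = []
    if len(st) > MAX_ST_LEN:
        reasons.append("oversized ST")
    if SHELL_META.search(st):
        reasons.append("shell metacharacters in ST")
    if not VALID_ST.match(st):
        reasons.append("ST not a UPnP search target form")
    return reasons


def scan(datagrams) -> List[Finding]:
    """Run the ST check over (source, datagram) pairs; only M-SEARCH requests carry ST."""
    findings = []
    for src, dgram in datagrams:
        parsed = parse_ssdp(dgram)
        if parsed is None:
            continue
        method, headers = parsed
        if method != "M-SEARCH" or "ST" not in headers:
            continue
        reasons = assess_st(headers["ST"])
        if reasons:
            findings.append(Finding(src, headers["ST"], reasons))
    return findings


# Constructed sample traffic: two normal discovery requests, one request whose ST
# carries a shell metacharacter, and a NOTIFY announcement that has no ST at all.
SAMPLES = [
    ("192.0.2.10", b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
                   b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n'),
    ("192.0.2.11", b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
                   b'MAN: "ssdp:discover"\r\nMX: 1\r\n'
                   b'ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n'),
    ("198.51.100.7", b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
                     b'MAN: "ssdp:discover"\r\nMX: 1\r\nST: ssdp:all;id\r\n\r\n'),
    ("192.0.2.12", b'NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
                   b'NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n\r\n'),
]

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(f"{f.src}: ST={f.st!r} -> {', '.join(f.reasons)}")
```

The allowlist is the stronger signal: a search target that is not one of the UPnP-defined forms is worth a look even when it contains no metacharacters, while the metacharacter check gives a fast, explainable reason for an alert. Anything flagged from a WAN-side source against a DIR-868L should be treated as an attempted exploitation of this CVE and the device isolated as the remediation above describes.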
Exploitation status
Public Exploit Available: true
Analyst recommendation
Due to the critical severity and the lack of vendor support for this EOL product, the only secure recommendation is to decommission the affected hardware. Organizations must move to modern, supported networking equipment to ensure the security of their perimeter and internal communications.