CVE-2024-14028
Received - Intake
Use-After-Free in Softing smartLink Webserver Causes HTTP DoS

Publication date: 2026-03-27

Last updated on: 2026-03-27

Assigner: Softing

Description
Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects smartLink HW-DP through 1.31 and smartLink HW-PN before 1.02.
Meta Information
Published: 2026-03-27
Last Modified: 2026-03-27
Generated: 2026-05-07
AI Q&A: 2026-03-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
softing | smartlink_hw-dp | up to 1.31 (inclusive)
softing | smartlink_hw-pn | up to 1.02 (exclusive)
CWE ID | Description
CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate the use-after-free vulnerability in Softing smartLink HW-DP and HW-PN webservers, the recommended immediate step is to update the firmware.

  • Update smartLink HW-DP firmware to version 1.32 or later.
  • Update smartLink HW-PN firmware to version 1.02 or later.

Can you explain this vulnerability to me?

This vulnerability is a use after free issue in the webserver components of Softing smartLink HW-DP and smartLink HW-PN devices. It allows an attacker to cause a denial of service (DoS) by exploiting the webserver, which can lead to the webserver crashing or becoming unresponsive.


How can this vulnerability impact me?

The primary impact of this vulnerability is an HTTP denial of service (DoS) attack. An attacker could exploit this flaw to disrupt the availability of the affected devices' webservers, potentially causing service interruptions or downtime.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability CVE-2024-14028 is a use-after-free issue leading to a denial of service (DoS) condition affecting availability but does not impact confidentiality or integrity.

Since the vulnerability does not affect confidentiality or integrity of data, it does not directly compromise personal data protection requirements under regulations like GDPR or HIPAA.

However, the high availability impact could affect operational continuity, which may indirectly influence compliance if service availability is a regulatory requirement.

Mitigation by updating firmware to fixed versions is recommended to maintain system availability and reduce risk.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability CVE-2024-14028 is a use-after-free issue in the Softing smartLink HW-DP and HW-PN webservers that can cause a denial of service (DoS) via HTTP. Detection involves identifying if your devices are running affected firmware versions: smartLink HW-DP up to 1.31 and smartLink HW-PN before 1.02.

Since the vulnerability is triggered by HTTP requests causing multiple implicit reads in parallel, monitoring for unusual HTTP traffic patterns or crashes on these devices may indicate exploitation attempts.

No specific detection commands or signatures are provided in the available resources. However, general network scanning or HTTP request testing tools could be used to probe the webserver for abnormal behavior or crashes.

It is recommended to verify the firmware version on your devices to determine if they are vulnerable. Updating to firmware version 1.32 or later for smartLink HW-DP and 1.02 or later for smartLink HW-PN is the advised mitigation.
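
The firmware check described above can be run over an asset inventory. The following is an added example, not code from Softing or from this advisory: it classifies each entry against the two affected ranges stated on this page (HW-DP through 1.31 inclusive, HW-PN before 1.02 exclusive). The device names and inventory rows are constructed, and it assumes firmware versions compare numerically component by component (so 1.02 equals 1.2).

```python
import re

# Affected ranges as stated on this page: (upper bound, bound is inclusive?).
# Keys are the CPE product names listed under "Affected Vendors & Products".
AFFECTED = {
    "smartlink_hw-dp": ((1, 31), True),   # through 1.31
    "smartlink_hw-pn": ((1, 2), False),   # before 1.02
}

def parse_version(text):
    """Parse 'V1.31', '1.02' or '1.31.0' into a tuple of ints; None if malformed."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 1.31.0 as 1.31
        parts.pop()
    return tuple(parts)

def classify(product, version_text):
    """Return 'affected', 'fixed' or 'unknown' for one inventory entry."""
    rule = AFFECTED.get(product.strip().lower())
    version = parse_version(version_text)
    if rule is None or version is None:
        return "unknown"   # never report an unparsable entry as fixed
    bound, inclusive = rule
    if version < bound or (inclusive and version == bound):
        return "affected"
    return "fixed"

# Constructed sample inventory: (device name, product, reported firmware string).
INVENTORY = [
    ("gw-line1", "smartlink_hw-dp", "1.31"),
    ("gw-line2", "smartlink_hw-dp", "V1.32"),
    ("gw-line3", "smartlink_hw-pn", "1.01"),
    ("gw-line4", "smartlink_hw-pn", "1.02"),
    ("gw-line5", "smartlink_hw-pn", "n/a"),
]

def triage(inventory):
    """Map each device name to its classification."""
    return {name: classify(product, fw) for name, product, fw in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name}: {status}")
```

Entries reported as "unknown" need a manual firmware check on the device before they can be ruled out.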

