CVE-2024-14028
Received Received - Intake
Use-After-Free in Softing smartLink Webserver Causes HTTP DoS

Publication date: 2026-03-27

Last updated on: 2026-03-27

Assigner: Softing

Description
Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2024-14028
EUVD
EUVD-2024-55506
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
softing smartlink_hw-dp to 1.31 (inc)
softing smartlink_hw-pn to 1.02 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate the use-after-free vulnerability in Softing smartLink HW-DP and HW-PN webservers, the recommended immediate step is to update the firmware.

  • Update smartLink HW-DP firmware to version 1.32 or later.
  • Update smartLink HW-PN firmware to version 1.02 or later.
Executive Summary

This vulnerability is a use after free issue in the webserver components of Softing smartLink HW-DP and smartLink HW-PN devices. It allows an attacker to cause a denial of service (DoS) by exploiting the webserver, which can lead to the webserver crashing or becoming unresponsive.

Impact Analysis

The primary impact of this vulnerability is an HTTP denial of service (DoS) attack. An attacker could exploit this flaw to disrupt the availability of the affected devices' webservers, potentially causing service interruptions or downtime.

Compliance Impact

The vulnerability CVE-2024-14028 is a use-after-free issue leading to a denial of service (DoS) condition affecting availability but does not impact confidentiality or integrity.

Since the vulnerability does not affect confidentiality or integrity of data, it does not directly compromise personal data protection requirements under regulations like GDPR or HIPAA.

However, the high availability impact could affect operational continuity, which may indirectly influence compliance if service availability is a regulatory requirement.

Mitigation by updating firmware to fixed versions is recommended to maintain system availability and reduce risk.

Detection Guidance

The vulnerability CVE-2024-14028 is a use-after-free issue in the Softing smartLink HW-DP and HW-PN webservers that can cause a denial of service (DoS) via HTTP. Detection involves identifying if your devices are running affected firmware versions: smartLink HW-DP up to 1.31 and smartLink HW-PN before 1.02.

Since the vulnerability is triggered by HTTP requests causing multiple implicit reads in parallel, monitoring for unusual HTTP traffic patterns or crashes on these devices may indicate exploitation attempts.

No specific detection commands or signatures are provided in the available resources. However, general network scanning or HTTP request testing tools could be used to probe the webserver for abnormal behavior or crashes.

It is recommended to verify the firmware version on your devices to determine if they are vulnerable. Updating to firmware version 1.32 or later for smartLink HW-DP and 1.02 or later for smartLink HW-PN is the advised mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-14028. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart