Description
Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.
This issue affects:
smartLink HW-DP: through 1.31
smartLink HW-PN: before 1.02.
Published: 2026-03-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via HTTP
Action: Patch Firmware
AI Analysis

Impact

Use-after-free vulnerability in the webserver of Softing smartLink HW-DP and HW-PN devices can cause the server to crash or become unavailable when multiple implicit reads are performed in parallel. The flaw originates from improper memory handling after an object has been freed (CWE-416), leading to a denial-of-service condition that disrupts the device’s network services.

Affected Systems

The flaw affects Softing smartLink HW-DP firmware versions up to and including 1.31, and Softing smartLink HW-PN firmware versions before 1.02. Devices running any of these firmware releases are susceptible to the vulnerability.

Risk and Exploitability

The CVSS base score is 6.5, indicating a medium severity level. Exploit probability data (EPSS) is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw remotely by sending crafted HTTP requests to the device over its network interface; no local privilege is required. Because the device may be exposed in industrial control environments, an unpatched unit could experience periods of unusability due to repeated crashes.

Generated by OpenCVE AI on March 27, 2026 at 07:20 UTC.

Remediation

Vendor Solution

Update firmware for smartLink HW-DP: to 1.32 smartLink HW-PN: to 1.02.

OpenCVE Recommended Actions

  • Update firmware for smartLink HW-DP to version 1.32
  • Update firmware for smartLink HW-PN to version 1.02

Generated by OpenCVE AI on March 27, 2026 at 07:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 06:00:00 +0000

Type Values Removed Values Added
Description Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02.
Title Multiple implicit reads in parallel can result in a crash or denial of service
First Time appeared Softing
Softing smartlink Hw-dp
Softing smartlink Hw-pn
Weaknesses CWE-416
CPEs cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:smartlink_hw-dp:1.32:*:*:*:*:*:*:*
cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*
Vendors & Products Softing
Softing smartlink Hw-dp
Softing smartlink Hw-pn
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Softing Smartlink Hw-dp Smartlink Hw-pn
cve-icon MITRE

Status: PUBLISHED

Assigner: Softing

Published:

Updated: 2026-03-27T13:45:30.144Z

Reserved: 2026-03-23T15:31:51.510Z

Link: CVE-2024-14028

cve-icon Vulnrichment

Updated: 2026-03-27T13:39:08.124Z

cve-icon NVD

Status : Received

Published: 2026-03-27T06:16:35.863

Modified: 2026-03-27T06:16:35.863

Link: CVE-2024-14028

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:22:06Z

Weaknesses