In a stark reminder of the risks lurking in outdated smart home gear, a severe vulnerability has been disclosed in the D-Link DHP-1320 powerline adapter.
Tracked as CVE-2026-4529, this stack-based buffer overflow hits the device’s SOAP handler, specifically the redirect_count_down_page function. Published on March 21, 2026, by VulDB, the flaw allows remote attackers to crash the device or potentially execute arbitrary code, earning it a top-tier CVSS score of 9.0.
Imagine your home network’s powerline bridge, meant to zip internet through your walls, suddenly becoming a hacker’s playground. That’s the scenario for users still running firmware version 1.00WWB04 on the D-Link DHP-1320. No authentication beyond basic credentials is needed, making it a low-hanging fruit for threat actors scanning the wild.
At its core, this is a classic memory mishap under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The SOAP handler fails to properly check input lengths, letting oversized data overflow the stack, like pouring too much water into a glass and spilling everywhere. This can corrupt adjacent memory, leading to denial-of-service (DoS) or worse, remote code execution (RCE).
Public proof-of-concept (PoC) exploits are already circulating. Attackers can trigger it remotely over the network, no physical access required.
| Score | Severity | Vector (CVSS 2.0/3.1/4.0) | Source | First Seen |
|---|---|---|---|---|
| 9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | VulDB | 2026-03-21 |
| 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | VulDB | 2026-03-21 |
| 7.4 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H | VulDB | 2026-03-21 |
EPSS score is unavailable yet, but public exploits increase its real-world risk.
Affected Products and Scope
- Primary Target: D-Link DHP-1320 (firmware 1.00WWB04)
- Status: End-of-life no patches from D-Link. Check D-Link’s site for alternatives.
- Alternative ID: EUVD-2026-14260
This isn’t isolated; D-Link’s history includes similar router flaws. Legacy devices like this powerline adapter, popular in SMB and home setups for extending Wi-Fi, amplify the threat in unmonitored networks.
Mitigation:
- Isolate or Replace: Power off the device if possible; migrate to supported hardware, such as modern mesh systems.
- Network Segmentation: Place it behind a firewall and block inbound SOAP traffic (typically on ports 80/443).
- Monitor Logs: Watch for overflow crashes or unusual SOAP requests.
- Scan Your Fleet: Use tools like Nmap or Shodan to detect exposed DHP-1320s.
| Type | Indicator | Description |
|---|---|---|
| Hash | N/A (firmware-specific) | Analyze 1.00WWB04 binaries for overflow patterns |
| URL | /soap/redirect_count_down_page | Malicious endpoint trigger |
| User-Agent | Custom PoC strings from GitHub repo | Exploit signatures |
This could be chained with other exploits to pivot into home networks. As smart home adoption surges, projected to hit 1 billion devices by 2027, patching legacy kit isn’t optional.
Site: cybersecuritypath.com
Reference:
| https://vuldb.com/?submit.773932 |
| https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dhp1320-dlink |
| https://www.dlink.com/ |
| https://vuldb.com/?id.352317 |
| https://vuldb.com/?ctiid.352317 |
About the Author
