CVE-2018-25235

NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS

CVSS 6.9 MEDIUMEPSS 0.2%CWE-787

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Networkactiv · NetworkActiv Web Server

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45302unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/45302 https://www.networkactiv.com/Dev/https://www.networkactiv.com/WebServer.html https://www.vulncheck.com/advisories/networkactiv-web-server-username-field-buffer-overflow-dos