CVE-2018-25235

NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/45302	Exploit VDB Entry
https://www.networkactiv.com/Dev/	Product
https://www.networkactiv.com/WebServer.html	Product
https://www.vulncheck.com/advisories/networkactiv-web-server-username-field-buffer-overflow-dos	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:networkactiv:web_server:*:*:*:*:*:*:*:*

History

08 Apr 2026, 16:35

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/45302 -~~	() https://www.exploit-db.com/exploits/45302 - Exploit, VDB Entry
References	~~() https://www.networkactiv.com/Dev/ -~~	() https://www.networkactiv.com/Dev/ - Product
References	~~() https://www.networkactiv.com/WebServer.html -~~	() https://www.networkactiv.com/WebServer.html - Product
References	~~() https://www.vulncheck.com/advisories/networkactiv-web-server-username-field-buffer-overflow-dos -~~	() https://www.vulncheck.com/advisories/networkactiv-web-server-username-field-buffer-overflow-dos - Third Party Advisory
Summary		(es) NetworkActiv Web Server 4.0 contiene una vulnerabilidad de desbordamiento de búfer en el campo de nombre de usuario de las opciones de Seguridad que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga. Los atacantes pueden desencadenar una denegación de servicio al introducir un valor de nombre de usuario manipulado que excede el tamaño de búfer esperado a través de la interfaz Establecer nombre de usuario.
First Time		Networkactiv web Server Networkactiv
CPE		cpe:2.3:a:networkactiv:web_server::::::::

30 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-30 12:16

Updated : 2026-04-08 16:35

NVD link : CVE-2018-25235

Mitre link : CVE-2018-25235

CVE.ORG link : CVE-2018-25235

JSON object : View

Products Affected

networkactiv

web_server

CWE

CWE-787

Out-of-bounds Write

6.2 /10