CVE-2018-25228
Received Received - Intake
Buffer Overflow in NetSetMan 4.7.1 Workgroup Causes DoS

Publication date: 2026-03-30

Last updated on: 2026-04-08

Assigner: VulnCheck

Description
NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2026-03-30
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25228
EUVD
EUVD-2018-21714
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netsetman netsetman 4.7.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2018-25228 is a buffer overflow vulnerability in NetSetMan version 4.7.1 affecting the Workgroup feature.

Local attackers can exploit this flaw by creating a malicious configuration file with oversized input data and pasting it into the Workgroup field.

This causes an out-of-bounds write that crashes the application, resulting in a denial of service condition.

Impact Analysis

The vulnerability allows local attackers to crash the NetSetMan application by supplying oversized input to the Workgroup field.

This leads to a denial of service (DoS) condition, making the application unavailable until restarted.

There is no indication that this vulnerability allows for data theft or privilege escalation, but it can disrupt normal network configuration management.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition on systems running NetSetMan version 4.7.1 or earlier. Specifically, a test involves creating a text file containing an oversized input (e.g., 100 'A' characters), copying this content to the clipboard, enabling the Workgroup option in NetSetMan, pasting the content into the Workgroup field, and activating it to see if the application crashes.

  • Create a text file named "netsetman.txt" with 100 'A' characters.
  • Copy the content of the file to the clipboard.
  • Open NetSetMan and enable the Workgroup option.
  • Paste the clipboard content into the Workgroup field.
  • Click "Activate" and observe if the application crashes, indicating the vulnerability.
Compliance Impact

The vulnerability described is a local buffer overflow in NetSetMan 4.7.1 that causes a denial of service by crashing the application when oversized input is supplied to the Workgroup feature.

There is no information provided in the available context or resources about any direct impact of this vulnerability on compliance with common standards or regulations such as GDPR or HIPAA.

Since the vulnerability results in denial of service without compromising confidentiality or integrity of data, its effect on regulatory compliance related to data protection or privacy is not indicated.

Mitigation Strategies

To mitigate the buffer overflow vulnerability in NetSetMan 4.7.1's Workgroup feature, avoid pasting oversized or malicious input into the Workgroup field.

Specifically, do not use configuration files or clipboard data containing excessive data in the Workgroup field, as this can cause the application to crash.

If possible, update to a newer version of NetSetMan that addresses this vulnerability, since versions prior to 5.3.2 cannot be updated automatically and may contain this flaw.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25228. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart