CVE-2018-25235
Received Received - Intake
Buffer Overflow in NetworkActiv Web Server 4.0 Causes DoS

Publication date: 2026-03-30

Last updated on: 2026-04-08

Assigner: VulnCheck

Description
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2026-03-30
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25235
EUVD
EUVD-2018-21727
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
networkactiv web_server to 4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2018-25235 is a buffer overflow vulnerability in NetworkActiv Web Server version 4.0 and earlier. It occurs in the username field within the Security options of the web server. Local attackers can exploit this by supplying an excessively long string as the username through the Set username interface. This causes an out-of-bounds write that crashes the application.

Impact Analysis

This vulnerability can be exploited by local attackers to cause a denial of service (DoS) condition by crashing the NetworkActiv Web Server application. By entering an overly long username string, the server crashes and becomes unavailable, potentially disrupting services that rely on it.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition through the 'Set username' interface of the NetworkActiv Web Server 4.0. Specifically, inputting an excessively long string as the username will cause the server to crash.

A proof-of-concept method involves using a Python script to generate a payload of 11,250 'A' characters, then pasting this string into the 'Set username' field in the Security options of the server. If the server crashes, the vulnerability is present.

  • Run the provided Python script `NetworkActiv_Web_Server_4.0_PA_3.7.2.py` to generate the long string payload.
  • Copy the generated payload from the output file (e.g., `Network.txt`).
  • Open NetworkActiv Web Server 4.0 and navigate to Security options.
  • Select 'Set username' and paste the long string into the 'New Value' field.
  • Observe if the server crashes, indicating the presence of the vulnerability.
Mitigation Strategies

To mitigate this vulnerability immediately, avoid entering excessively long strings in the 'Set username' field of the NetworkActiv Web Server.

Restrict local access to the server to trusted users only, as the attack requires local interaction.

Monitor the server for crashes or denial of service symptoms related to username changes.

If possible, apply any available patches or updates from the vendor addressing this buffer overflow vulnerability.

Consider implementing input validation or limiting the length of username inputs to prevent buffer overflow.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25235. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart