CVE-2018-25235
Buffer Overflow in NetworkActiv Web Server 4.0 Causes DoS
Publication date: 2026-03-30
Last updated on: 2026-04-08
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| networkactiv | web_server | to 4.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25235 is a buffer overflow vulnerability in NetworkActiv Web Server version 4.0 and earlier. It occurs in the username field within the Security options of the web server. Local attackers can exploit this by supplying an excessively long string as the username through the Set username interface. This causes an out-of-bounds write that crashes the application.
How can this vulnerability impact me? :
This vulnerability can be exploited by local attackers to cause a denial of service (DoS) condition by crashing the NetworkActiv Web Server application. By entering an overly long username string, the server crashes and becomes unavailable, potentially disrupting services that rely on it.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition through the 'Set username' interface of the NetworkActiv Web Server 4.0. Specifically, inputting an excessively long string as the username will cause the server to crash.
A proof-of-concept method involves using a Python script to generate a payload of 11,250 'A' characters, then pasting this string into the 'Set username' field in the Security options of the server. If the server crashes, the vulnerability is present.
- Run the provided Python script `NetworkActiv_Web_Server_4.0_PA_3.7.2.py` to generate the long string payload.
- Copy the generated payload from the output file (e.g., `Network.txt`).
- Open NetworkActiv Web Server 4.0 and navigate to Security options.
- Select 'Set username' and paste the long string into the 'New Value' field.
- Observe if the server crashes, indicating the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid entering excessively long strings in the 'Set username' field of the NetworkActiv Web Server.
Restrict local access to the server to trusted users only, as the attack requires local interaction.
Monitor the server for crashes or denial of service symptoms related to username changes.
If possible, apply any available patches or updates from the vendor addressing this buffer overflow vulnerability.
Consider implementing input validation or limiting the length of username inputs to prevent buffer overflow.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.