Description
NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

NetSetMan 4.7.1 includes a buffer overflow in the Workgroup feature that lets a local attacker craft a configuration file with excessive data and paste it into the Workgroup field, causing the application to crash. The consequence is a denial‑of‑service condition for any user running the program, with no elevation of privilege or data exposure.

Affected Systems

The vulnerability affects the NetSetMan product, specifically the 4.7.1 build and, as indicated by the CPE list, potentially other Pro releases such as 4.0.0 through 5.0.0. The attack requires local access to the machine where the application is installed.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability is rated as moderately severe. The EPSS score is not available, and it is not listed in the CISA KEV catalog. Attackers need local presence to supply the oversized Workgroup input; thus the exploit path is straightforward but limited to the local user context. Once triggered, the application terminates, disrupting service for all local users.

Generated by OpenCVE AI on March 30, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NetSetMan to the latest available version or apply any vendor‑supplied patch for the 4.7.1 buffer overflow.
  • If an upgrade is not possible, disable the Workgroup feature or close the NetSetMan application to prevent the crash.
  • Verify that the application no longer crashes after the upgrade and monitor for any related service disruptions.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 11:15:00 +0000

Values Removed: none listed
Values Added:
Description: NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
Title: NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service
First Time appeared: Netsetman; Netsetman netsetman
Weaknesses: CWE-787
CPEs:
cpe:2.3:a:netsetman:netsetman:-:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.0.0:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.0.1:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.0.2:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.0.3:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.0.4:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.1.0:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.1.1:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.1.2:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.1.3:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.1.4:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.2.0:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.2.1:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.2.2:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.2.3:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.3.0:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.3.1:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.3.2:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:4.3.3:*:*:*:pro:*:*:*
cpe:2.3:a:netsetman:netsetman:5.0.0:*:*:*:pro:*:*:*
Vendors & Products: Netsetman; Netsetman netsetman
References: none listed
Metrics:
cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T11:02:21.149Z

Reserved: 2026-03-30T10:54:16.108Z

Link: CVE-2018-25228

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-30T12:16:16.150

Modified: 2026-03-30T13:26:07.647

Link: CVE-2018-25228

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:41:05Z

Weaknesses