Description
NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

NetSetMan 4.7.1 contains a buffer overflow in the Workgroup feature that can be triggered by supplying an oversized configuration string. When an attacker creates a malicious file with excessive data and pastes it into the Workgroup field, the application crashes, resulting in a denial of service. The vulnerability is a classic stack‑based overflow (CWE‑787) that compromises the integrity of the application process.

Affected Systems

The affected product is NetSetMan from Netsetman, specifically versions 4.0.0 through 4.7.1 running in the professional edition. The vulnerability is referenced by its CPE identifiers for each of those releases, and any user running the 4.x series, particularly 4.7.1, is susceptible. The 5.0.0 release is not listed as affected, implying it is not impacted.

Risk and Exploitability

With a CVSS score of 6.9, the risk is moderate, but the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, so it is not a widely known, actively exploited flaw. The local attacker must have access to the target system to supply the configuration file, so the likelihood of remote exploitation is low; however, any local user could easily trigger a denial of service.

Generated by OpenCVE AI on April 8, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NetSetMan to version 5.0.0 or later.
  • If upgrade is not immediately possible, delete or sanitize any malicious configuration files and restrict local user access to the Workgroup feature.
  • Monitor the application for crashes and enforce strict user permissions on configuration files.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 18:45:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:netsetman:netsetman:4.7.1:*:*:*:pro:*:*:*

Wed, 01 Apr 2026 23:45:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 11:15:00 +0000

Values Removed: (none)
Values Added:
  Description: NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
  Title: NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service
  First Time appeared:
    Netsetman
    Netsetman netsetman
  Weaknesses: CWE-787
  CPEs:
    cpe:2.3:a:netsetman:netsetman:-:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.0.0:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.0.1:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.0.2:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.0.3:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.0.4:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.1.0:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.1.1:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.1.2:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.1.3:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.1.4:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.2.0:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.2.1:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.2.2:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.2.3:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.3.0:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.3.1:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.3.2:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:4.3.3:*:*:*:pro:*:*:*
    cpe:2.3:a:netsetman:netsetman:5.0.0:*:*:*:pro:*:*:*
  Vendors & Products:
    Netsetman
    Netsetman netsetman
  References:
  Metrics:
    cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
    cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-01T18:05:38.384Z

Reserved: 2026-03-30T10:54:16.108Z

Link: CVE-2018-25228

Vulnrichment

Updated: 2026-04-01T18:05:34.633Z

NVD

Status: Analyzed

Published: 2026-03-30T12:16:16.150

Modified: 2026-04-08T18:34:13.440

Link: CVE-2018-25228

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:00:45Z
