Description
Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
Published: 2026-03-30
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Crash)
Action: Patch
AI Analysis

Impact

A local buffer overflow allows an attacker to crash Free IP Switcher 3.1 by supplying an excessively long string in the Computer Name field. When the user clicks Activate, the application terminates unexpectedly, resulting in a denial of service. The issue is classified as a memory corruption weakness (CWE-787).

Affected Systems

The vulnerability affects the Free IP Switcher 3.1 application distributed by Eusing. No broader product or version range is specified beyond this release.

Risk and Exploitability

The CVSS score is 6.8, indicating a moderate severity. The EPSS probability is less than 1%, suggesting that exploitation is unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. Attackers must be able to interact locally with the affected workstation, for example by running the program or manipulating its input fields. No network exposure is required, so the attack vector is local.

Generated by OpenCVE AI on April 8, 2026 at 18:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor's website for security updates or patches for Free IP Switcher 3.1
  • Apply the latest patch or upgrade to a secure version if available
  • If a patch is unavailable, prevent the application from running on non‑essential systems or restrict local access to trusted users

Generated by OpenCVE AI on April 8, 2026 at 18:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:eusing:free_ip_switcher:*:*:*:*:*:*:*:*

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Eusing
Eusing free Ip Switcher
Vendors & Products Eusing
Eusing free Ip Switcher

Mon, 30 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Description Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
Title Free IP Switcher 3.1 Denial of Service via Computer Name
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Eusing Free Ip Switcher
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T14:04:07.751Z

Reserved: 2026-03-30T10:55:56.362Z

Link: CVE-2018-25230

cve-icon Vulnrichment

Updated: 2026-03-30T14:03:48.343Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T12:16:16.637

Modified: 2026-04-08T17:31:14.157

Link: CVE-2018-25230

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T20:00:44Z

Weaknesses