Description
WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service by crashing the WebDrive application
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a buffer overflow that allows an attacker to crash the WebDrive 18.00.5057 application by supplying a 5000‑byte username string during the Secure WebDAV connection setup. The flaw can be triggered by executing a simple connection test and results in the application terminating unexpectedly, thereby denying legitimate users access to the drive until the service is restarted.

Affected Systems

The flaw affects WebDrive version 18.00.5057 produced by WebDrive (South River Technology). Any deployment of this specific build that uses Secure WebDAV is vulnerable. No other versions are mentioned as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. Because the exploit requires the attacker to be present on the machine that runs WebDrive, the risk is limited to local. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not widely exploited yet. An attacker could achieve a denial of service by crafting a long username string and initiating a Secure WebDAV connection, causing the application to crash and potentially disrupting business operations.

Generated by OpenCVE AI on March 30, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade to the latest WebDrive release.
  • Restart the WebDrive service after the update to ensure changes take effect.
  • Verify that Secure WebDAV connections no longer crash by performing a connection test.
  • If an immediate update is not feasible, disable Secure WebDAV functionality temporarily to mitigate the risk.
  • Regularly review WebDrive security advisory pages for any new updates.

Generated by OpenCVE AI on March 30, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Description WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.
Title WebDrive 18.00.5057 Denial of Service via Secure WebDAV
First Time appeared Southrivertech
Southrivertech webdrive
Weaknesses CWE-233
CPEs cpe:2.3:a:southrivertech:webdrive:18.00.5057:*:*:*:*:*:*:*
Vendors & Products Southrivertech
Southrivertech webdrive
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Southrivertech Webdrive
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T13:38:57.879Z

Reserved: 2026-03-30T10:59:35.575Z

Link: CVE-2018-25233

cve-icon Vulnrichment

Updated: 2026-03-30T13:38:55.071Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T12:16:17.293

Modified: 2026-04-08T16:43:23.467

Link: CVE-2018-25233

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:11:23Z

Weaknesses