Description
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

NetworkActiv Web Server 4.0 has a buffer overflow in the username field of its security options. A local attacker can supply an excessively long string to the Set username interface, causing the application to crash and resulting in a denial of service. The flaw is a classic buffer overflow (CWE‑787) that affects only the availability of the web server.

Affected Systems

NetworkActiv Web Server version 4.0 is the only product version listed as impacted in the Advisory. No other products or versions are mentioned as affected.

Risk and Exploitability

The CVSS score of 6.9 reflects moderate severity with local access required. The EPSS score of less than 1 % suggests a low likelihood of exploitation. This vulnerability is not in CISA's KEV catalog. The attack vector is local interaction with the Set username interface, which must be accessed by the attacker to trigger the overflow and cause a denial of service.

Generated by OpenCVE AI on April 8, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor-published patch or upgrade to a newer version of NetworkActiv Web Server.
  • If a patch is not available, restrict access to the Set username interface using firewall rules or network segmentation to limit local attackers.
  • Restart the web server after applying a patch to restore service.
  • Monitor server logs for repeated crash events to confirm that the vulnerability has been mitigated.

Generated by OpenCVE AI on April 8, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Networkactiv web Server
CPEs cpe:2.3:a:networkactiv:web_server:*:*:*:*:*:*:*:*
Vendors & Products Networkactiv web Server

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Networkactiv
Networkactiv networkactiv Web Server
Vendors & Products Networkactiv
Networkactiv networkactiv Web Server

Mon, 30 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Description NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
Title NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Networkactiv Networkactiv Web Server Web Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T11:23:08.378Z

Reserved: 2026-03-30T11:00:34.259Z

Link: CVE-2018-25235

cve-icon Vulnrichment

Updated: 2026-03-30T11:23:00.104Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T12:16:17.720

Modified: 2026-04-08T16:35:29.377

Link: CVE-2018-25235

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T20:00:40Z

Weaknesses