Description
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via buffer overflow
Action: Patch or Mitigate
AI Analysis

Impact

The vulnerability is a buffer overflow in the username field of the Security options, allowing an attacker who has local access to supply a string that exceeds the expected buffer size. This overflow causes the NetworkActiv Web Server 4.0 application to crash, resulting in a denial of service. The weakness is a classic stack-based buffer overflow (CWE-787), which compromises the server’s availability but does not expose data or allow remote code execution.

Affected Systems

NetworkActiv Web Server version 4.0 is affected. The product is offered by NetworkActiv. No other versions or variants are specified in the CNA data.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local attacker privileges and access to the Set username interface, meaning the risk is limited to environments where an attacker can log into the server. If the server is exposed to untrusted users, the risk profile could effectively increase.

Generated by OpenCVE AI on March 30, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade to a newer, non‑vulnerable version of NetworkActiv Web Server.
  • Restrict local access to the Set username interface to trusted administrators only.
  • Restart the Web Server after applying changes to clear any residual crash state.
  • Monitor system logs for repeated crashes or abnormal activity indicating exploitation attempts.

Generated by OpenCVE AI on March 30, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Networkactiv
Networkactiv networkactiv Web Server
Vendors & Products Networkactiv
Networkactiv networkactiv Web Server

Mon, 30 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Description NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
Title NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Networkactiv Networkactiv Web Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T11:23:08.378Z

Reserved: 2026-03-30T11:00:34.259Z

Link: CVE-2018-25235

cve-icon Vulnrichment

Updated: 2026-03-30T11:23:00.104Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-30T12:16:17.720

Modified: 2026-03-30T13:26:07.647

Link: CVE-2018-25235

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:41:00Z

Weaknesses