Description
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new share through the Manage Shares interface.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via local buffer overflow
Action: Patch
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the Share Name field of NetAware 1.20. A local attacker can crash the application by supplying an excessively long string (around 1000 bytes). When the Manage Shares interface processes the input, the overflow causes an uncontrolled termination of the program, denying service to legitimate users. The weakness corresponds to CWE-787 (Out-of-bounds Write): user input is written without bounds checking, which corrupts memory.

Affected Systems

The affected product is Infiltration-Systems NetAware version 1.20. No other versions are listed as vulnerable and no additional affected vendors are mentioned. NetAware is a network awareness application that lets the user add custom share definitions through a GUI.

Risk and Exploitability

The CVSS score of 6.9 is rated Medium, while the EPSS score of less than 1% shows a very low probability of exploitation in the wild. The vulnerability is not included in CISA's KEV catalog, suggesting it has not been widely exploited yet. The likely attack vector is local: the attacker needs access to the machine running NetAware in order to enter an oversized Share Name. No publicly documented remote exploitation method exists.

Generated by OpenCVE AI on March 23, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any vendor patch or newer version that removes the buffer overflow
  • If no patch is available, disable the ability to add new shares or restrict the Share Name field to a smaller length through configuration or custom scripting
  • Restart NetAware after changes to ensure the changes take effect
  • Monitor application stability and logs for unexpected crashes, which may indicate an attempt to trigger the buffer overflow


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Spytech-web; Spytech-web netaware
CPEs | | cpe:2.3:a:spytech-web:netaware:1.20:*:*:*:*:*:*:*
Vendors & Products | | Spytech-web; Spytech-web netaware

Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Infiltration-systems; Infiltration-systems netaware
Vendors & Products | | Infiltration-systems; Infiltration-systems netaware

Sat, 21 Mar 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new share through the Manage Shares interface.
Title | | NetAware 1.20 Share Name Denial of Service
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:55:46.692Z

Reserved: 2026-03-21T12:23:53.385Z

Link: CVE-2019-25546

Vulnrichment

Updated: 2026-03-23T16:47:56.659Z

NVD

Status: Analyzed

Published: 2026-03-21T13:16:16.383

Modified: 2026-03-23T17:32:26.497

Link: CVE-2019-25546

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:36Z
