{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25228", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T10:54:16.108Z", "datePublished": "2026-03-30T11:02:21.149Z", "dateUpdated": "2026-04-01T18:05:38.384Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:21.149Z"}, "datePublic": "2018-02-17T00:00:00.000Z", "title": "NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service", "descriptions": [{"lang": "en", "value": "NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Netsetman", "product": "NetSetMan", "versions": [{"version": "4.7.1", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:5.0.0:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:-:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.0.0:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.0.1:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.0.2:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.0.3:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.0.4:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.1.0:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.1.1:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.1.2:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.1.3:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.1.4:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.2.0:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.2.1:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.2.2:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.2.3:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.3.0:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.3.1:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.3.2:*:*:*:pro:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:netsetman:netsetman:4.3.3:*:*:*:pro:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46417", "name": "ExploitDB-46417", "tags": ["exploit"]}, {"url": "https://www.netsetman.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.netsetman.com/netsetman.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/netsetman-workgroup-buffer-overflow-denial-of-service"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:05:20.684928Z", "id": "CVE-2018-25228", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:05:38.384Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25228", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T18:05:20.684928Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:05:34.633Z"}}], "cna": {"title": "NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Netsetman", "product": "NetSetMan", "versions": [{"status": "affected", "version": "4.7.1"}]}], "datePublic": "2018-02-17T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46417", "name": "ExploitDB-46417", "tags": ["exploit"]}, {"url": "https://www.netsetman.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.netsetman.com/netsetman.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/netsetman-workgroup-buffer-overflow-denial-of-service", "name": "VulnCheck Advisory: NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netsetman:netsetman:5.0.0:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:-:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.0.0:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.0.1:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.0.2:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.0.3:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.0.4:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.1.0:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.1.1:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.1.2:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.1.3:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.1.4:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.2.0:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.2.1:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.2.2:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.2.3:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.3.0:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.3.1:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.3.2:*:*:*:pro:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsetman:netsetman:4.3.3:*:*:*:pro:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:21.149Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25228", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:05:38.384Z", "dateReserved": "2026-03-30T10:54:16.108Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-30T11:02:21.149Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netsetman:netsetman:4.7.1:*:*:*:pro:*:*:*", "matchCriteriaId": "1666C575-7FBD-4AD6-AA22-C3F3CA731EE7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition."}, {"lang": "es", "value": "NetSetMan 4.7.1 contiene una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n Workgroup que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una entrada de tama\u00f1o excesivo. Los atacantes pueden crear un archivo de configuraci\u00f3n malicioso con datos excesivos y pegarlo en el campo Workgroup para desencadenar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2018-25228", "lastModified": "2026-04-08T18:34:13.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-30T12:16:16.150", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46417"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.netsetman.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.netsetman.com/netsetman.exe"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/netsetman-workgroup-buffer-overflow-denial-of-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.7.1"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "NetSetMan", "source": "cna", "vendor": "Netsetman"}, "product": "netsetman", "vendor": "netsetman"}], "analysis": {"en": {"generated_at": "2026-04-08T19:39:51.884820+00:00", "value": {"mitigation_remediation": ["Upgrade NetSetMan to version 5.0.0 or later.", "If upgrade is not immediately possible, delete or sanitize any malicious configuration files and restrict local user access to the Workgroup feature.", "Monitor the application for crashes and enforce strict user permissions on configuration files."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is NetSetMan from Netsetman, specifically versions 4.0.0 through 4.7.1 running in the professional edition. The vulnerability is referenced by its CPE identifiers for each of those releases, and any user running the 4.x series, particularly 4.7.1, is susceptible. The 5.0.0 release is not listed as affected, implying it is not impacted.", "description_and_impact": "NetSetMan 4.7.1 contains a buffer overflow in the Workgroup feature that can be triggered by supplying an oversized configuration string. When an attacker creates a malicious file with excessive data and pastes it into the Workgroup field, the application crashes, resulting in a denial of service. The vulnerability is a classic stack\u2011based overflow (CWE\u2011787) that compromises the integrity of the application process.", "risk_and_exploitability": "With a CVSS score of 6.9, the risk is moderate but the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalogs, so it is not a widely known, actively exploited flaw. The local attacker must have access to the target system to supply the configuration file, so the likelihood of remote exploitation is low; however, any local user could easily trigger a denial of service."}}}}, "created": "2026-03-30T20:55:56.154264+00:00", "updated": "2026-04-08T20:00:45.937228+00:00", "vendors": ["netsetman", "netsetman$PRODUCT$netsetman"]}