CVE-2018-25344

10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

CVSS 8.6 HIGHEPSS 0.2%CWE-121

Vexday Risk Score

41Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.6EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

23 may 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

10-Strike · Network Inventory Explorer

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/44840no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.10-strike.com/https://www.exploit-db.com/exploits/44840 https://www.vulncheck.com/advisories/10-strike-network-inventory-explorer-buffer-overflow-seh