CVE-2020-37170 | THREATINT

Description

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

PUBLISHED Reserved 2026-02-06 | Published 2026-02-06 | Updated 2026-02-17 | Assigner VulnCheck

MEDIUM: 6.7CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

2.12.3

affected

Credits

chuyreds finder

References

www.exploit-db.com/exploits/48011 (ExploitDB-48011) exploit

www.raimersoft.com/php/tapinradio.php (TapinRadio Product Webpage) product

www.vulncheck.com/...es/tapinradio-address-denial-of-service (VulnCheck Advisory: TapinRadio 2.12.3 - 'address' Denial of Service) third-party-advisory

cve.org (CVE-2020-37170)

nvd.nist.gov (CVE-2020-37170)

Download JSON