Description

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

PUBLISHED Reserved 2026-02-06 | Published 2026-02-06 | Updated 2026-02-17 | Assigner VulnCheck

MEDIUM: 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
MEDIUM: 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

2.12.3: affected

Credits

chuyreds (finder)

References

www.exploit-db.com/exploits/48013 (ExploitDB-48013) exploit

www.raimersoft.com/php/tapinradio.php (TapinRadio Product Webpage) product

www.vulncheck.com/...s/tapinradio-username-denial-of-service (VulnCheck Advisory: TapinRadio 2.12.3 - 'username' Denial of Service) third-party-advisory

cve.org (CVE-2020-37171)

nvd.nist.gov (CVE-2020-37171)
