CVE-2020-37122
Published: 07 February 2026
Summary
CVE-2020-37122 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Nsauditor (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 2.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
NVD Description
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.
Deeper analysis (AI)
CVE-2020-37122 is a denial of service vulnerability in SpotFTP-FTP Password Recover version 2.4.8, stemming from a buffer overflow classified under CWE-121. The flaw allows attackers to crash the application by supplying a specially crafted registration code, such as a text file containing 1000 'Z' characters. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high availability impact without confidentiality or integrity effects.
Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Successful exploitation results in application denial of service through crashing, rendering the software unavailable.
References include vendor pages at nsauditor.com and nsauditor.com/spotftp.html, an Exploit-DB proof-of-concept at exploit-db.com/exploits/48132 demonstrating the crash via the oversized registration code, and a VulnCheck advisory at vulncheck.com/advisories/spotftp-ftp-password-recover-denial-of-service documenting the buffer overflow issue. No patch or mitigation details are specified in the provided references.
Details
- CWE(s)