CVE-2020-37130

HighPublic PoC

Published: 05 February 2026

Published

05 February 2026

Modified

01 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0002 4.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37130 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

NVD Description

Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted…

into the registration name field.

Deeper analysisAI

CVE-2020-37130 is a denial of service vulnerability in Nsauditor 3.2.0.0, specifically affecting the registration name input field. Attackers can trigger an application crash by pasting a malicious payload of 1000 bytes of repeated characters into this field. The flaw is associated with CWE-120 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.

Any unauthenticated attacker (PR:N) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Exploitation leads to a complete denial of service by crashing the Nsauditor application, disrupting its functionality for the targeted user.

References for this CVE include the vendor site at http://www.nsauditor.com, a proof-of-concept exploit at https://www.exploit-db.com/exploits/48286, and an advisory from VulnCheck at https://www.vulncheck.com/advisories/nsauditor-name-denial-of-service. No specific patch or mitigation details are provided in the available information.

Details

CWE(s): CWE-120

Affected Products

nsasoft

nsauditor

≤ 3.2.7

CVEs Like This One

CVE-2021-47815Same product: Nsasoft Nsauditor

CVE-2020-37119Same product: Nsasoft Nsauditor

CVE-2018-25213Same product: Nsasoft Nsauditor

CVE-2021-47895Same product: Nsasoft Nsauditor

CVE-2020-37207Same vendor: Nsasoft

CVE-2020-37212Same vendor: Nsasoft

CVE-2021-47814Same vendor: Nsasoft

CVE-2020-37201Same vendor: Nsasoft

CVE-2020-37206Same vendor: Nsasoft

CVE-2020-37199Same vendor: Nsasoft

References

http://www.nsauditor.com
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/48286
Exploit, Third Party Advisory, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/nsauditor-name-denial-of-service
Third Party Advisory · disclosure@vulncheck.com