Cyber Resilience

CVE-2020-37175

MediumPublic PoC

Published: 11 February 2026

Published
11 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 13.1th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37175 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Cnet (inferred from references). Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-37175 is a denial-of-service vulnerability in the P2PWIFICAM2 application for iOS 10.4.1, stemming from a buffer overflow condition classified under CWE-120. The flaw occurs in the Camera ID input field, where processing a specially crafted 257-character buffer causes the application to crash on affected iOS devices. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability impact without requiring authentication or user interaction.

Remote attackers can exploit this vulnerability without privileges by supplying a malicious 257-character string to the Camera ID field, triggering an immediate application crash. This denies service to legitimate users of the P2PWIFICAM2 app, potentially disrupting camera monitoring or related functionality on the targeted iOS device until the app is restarted.

Advisories and references, including those from Vulncheck and Exploit-DB, document the issue with proof-of-concept details, such as the specific exploit available at exploit-db.com/exploits/47993, confirming reliable reproduction of the crash. No patches or vendor-specific mitigations are detailed in the provided information, though practitioners should recommend updating the application if newer versions address the flaw or advise input validation in similar apps.

EU & UK References

Vulnerability details

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash…

more

on iOS devices.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in client app input field directly enables application exploitation resulting in crash and denial of service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20115Shared CWE-120
CVE-2020-37205Shared CWE-120
CVE-2026-28875Shared CWE-120
CVE-2020-37194Shared CWE-120
CVE-2020-37180Shared CWE-120
CVE-2024-24419Shared CWE-120
CVE-2019-25353Shared CWE-120
CVE-2026-30075Shared CWE-120
CVE-2020-37213Shared CWE-120
CVE-2021-47798Shared CWE-120

Affected Assets

Cnet
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates Camera ID inputs for length and content to directly prevent buffer overflows from 257-character strings.

prevent

Implements denial-of-service protections to mitigate application crashes triggered by malicious oversized inputs.

prevent

Provides memory protection mechanisms like bounds checking to reduce the impact of buffer overflows in Camera ID processing.

References