CVE-2020-37175
Published: 11 February 2026
Summary
CVE-2020-37175 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Cnet (inferred from references). Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 13.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2020-37175 is a denial-of-service vulnerability in the P2PWIFICAM2 application for iOS 10.4.1, stemming from a buffer overflow condition classified under CWE-120. The flaw occurs in the Camera ID input field, where processing a specially crafted 257-character buffer causes the application to crash on affected iOS devices. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability impact without requiring authentication or user interaction.
Remote attackers can exploit this vulnerability without privileges by supplying a malicious 257-character string to the Camera ID field, triggering an immediate application crash. This denies service to legitimate users of the P2PWIFICAM2 app, potentially disrupting camera monitoring or related functionality on the targeted iOS device until the app is restarted.
Advisories and references, including those from VulnCheck and Exploit-DB, document the issue with proof-of-concept details, such as the specific exploit available at exploit-db.com/exploits/47993, confirming reliable reproduction of the crash. No patches or vendor-specific mitigations are detailed in the provided information, though practitioners should recommend updating the application if newer versions address the flaw, or advise input validation in similar apps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31059
Vulnerability details
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in client app input field directly enables application exploitation resulting in crash and denial of service (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- Validates Camera ID inputs for length and content to directly prevent buffer overflows from 257-character strings.
- Implements denial-of-service protections to mitigate application crashes triggered by malicious oversized inputs.
- Provides memory protection mechanisms like bounds checking to reduce the impact of buffer overflows in Camera ID processing.