Cyber Resilience

CVE-2020-37177

MediumPublic PoC

Published: 11 February 2026

Published
11 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 13.1th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37177 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Weird Solutions (inferred from references). Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-37177 is a denial of service vulnerability affecting BOOTP Turbo 2.0. The flaw enables attackers to crash the application by overwriting the Structured Exception Handler (SEH) chain through a specially crafted malicious payload of 2196 bytes containing specific byte patterns. This triggers an application crash and SEH corruption. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-121 (Stack-based Buffer Overflow).

Remote attackers can exploit this vulnerability without privileges or user interaction by sending the malicious payload over the network to a vulnerable BOOTP Turbo 2.0 instance. Successful exploitation results in a denial of service, rendering the application unavailable due to the crash.

Advisories and related resources include a proof-of-concept exploit at https://www.exploit-db.com/exploits/47955, a VulnCheck advisory detailing the BOOTP Turbo denial of service via SEH at https://www.vulncheck.com/advisories/bootp-turbo-denial-of-service-seh, and the vendor site at https://www.weird-solutions.com. No specific patches or mitigations are detailed in the provided information.

EU & UK References

Vulnerability details

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application…

more

crash and corrupt the SEH chain.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Stack buffer overflow enables remote application crash via SEH overwrite, directly matching application exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2020-37198Shared CWE-121
CVE-2019-25328Shared CWE-121
CVE-2025-1758Shared CWE-121
CVE-2026-36837Shared CWE-121
CVE-2019-25340Shared CWE-121
CVE-2025-50659Shared CWE-121
CVE-2020-37122Shared CWE-121
CVE-2020-37136Shared CWE-121
CVE-2019-25341Shared CWE-121
CVE-2025-70252Shared CWE-121

Affected Assets

Weird Solutions
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates validation of incoming BOOTP packets to reject oversized or malformed payloads of 2196 bytes that trigger the stack-based buffer overflow and SEH overwrite.

prevent

Enforces memory protections like stack canaries, ASLR, and DEP to block SEH chain corruption from buffer overflow exploits.

preventdetect

Implements DoS protections such as rate limiting and network filtering to thwart remote crash attempts via crafted malicious payloads.

References