CVE-2020-37194
Published: 11 February 2026
Summary
CVE-2020-37194 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsauditor (inferred from references). Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2020-37194 is a denial-of-service vulnerability in Backup Key Recovery 2.2.5, stemming from CWE-120 (buffer copy without checking size of input). The issue allows attackers to crash the application by supplying an overly long registration key, such as a 1000-character payload pasted into the registration key field. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting high availability impact with no confidentiality or integrity effects.
Attackers can exploit this remotely over the network with low attack complexity, no privileges required, and no user interaction needed beyond the target's interaction with the registration feature. Successful exploitation results in an application crash, denying service to legitimate users of the software.
Advisories and proof-of-concept details are documented in references such as Exploit-DB (exploit 47864) and VulnCheck, with additional information at nsauditor.com. No patches or specific mitigations are detailed in the available description.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31140
Vulnerability details
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to…
more
trigger an application crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in registration key input directly enables application crash for DoS via exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents the buffer overflow DoS by requiring validation of registration key inputs to reject overly long payloads before processing.
Enforces limits on the quantity of input in the registration key field, blocking 1000-character payloads that trigger the application crash.
Protects against denial-of-service vulnerabilities like this buffer overflow crash by limiting effects of oversized input attacks and identifying such events.