CVE-2020-37199

HighPublic PoC

Published: 11 February 2026

Published

11 February 2026

Modified

26 February 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0001 2.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37199 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Nbmonitor. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

NVD Description

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

Deeper analysisAI

CVE-2020-37199 is a denial of service vulnerability in NBMonitor version 1.6.6.0, specifically affecting the registration key input field. The flaw, classified as CWE-120 (Buffer Copy without Checking Size of Input), allows attackers to crash the application by pasting a 1000-character buffer payload into the 'Key' field. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high impact on availability with no confidentiality or integrity effects.

Any unauthenticated attacker (PR:N) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Exploitation involves generating and submitting the oversized payload to the key field, resulting in an application crash and denial of service that disrupts NBMonitor's functionality.

Advisories and references, including a Vulncheck advisory on the NBMonitor key denial of service, an Exploit-DB proof-of-concept (ID 47866), and the NSAuditor website, document the issue but provide no specific details on patches or mitigations in the available CVE information.

Details

CWE(s): CWE-120

Affected Products

nsasoft

nbmonitor

≤ 1.6.6.0

CVEs Like This One

CVE-2021-47814Same product: Nsasoft Nbmonitor

CVE-2020-37207Same vendor: Nsasoft

CVE-2020-37130Same vendor: Nsasoft

CVE-2020-37212Same vendor: Nsasoft

CVE-2020-37201Same vendor: Nsasoft

CVE-2020-37206Same vendor: Nsasoft

CVE-2020-37211Same vendor: Nsasoft

CVE-2020-37196Same vendor: Nsasoft

CVE-2021-47815Same vendor: Nsasoft

CVE-2020-37204Same vendor: Nsasoft

References

http://www.nsauditor.com/
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47866
Exploit, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/nbmonitor-key-denial-of-service
Third Party Advisory · disclosure@vulncheck.com