CVE-2020-37204
Published: 11 February 2026
Summary
CVE-2020-37204 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Remshutdown. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
NVD Description
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
Deeper analysisAI
CVE-2020-37204 is a denial of service vulnerability in RemShutdown 2.9.0.0, specifically affecting the registration key input field. The flaw allows attackers to crash the application by pasting a 1000-character buffer payload into this field. It stems from CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Attackers require no privileges or user interaction and can exploit the issue over the network with low complexity. Successful exploitation crashes the RemShutdown application, resulting in a high-impact denial of service on availability.
Advisories and related resources include the vendor site at http://www.nsauditor.com/, a proof-of-concept exploit at https://www.exploit-db.com/exploits/47863, and a VulnCheck advisory at https://www.vulncheck.com/advisories/remshutdown-key-denial-of-service, which may provide further details on mitigations.
Details
- CWE(s)