CVE-2020-37205

HighPublic PoC

Published: 11 February 2026

Published

11 February 2026

Modified

20 February 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0002 4.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37205 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Remshutdown. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

NVD Description

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application…

crash.

Deeper analysisAI

CVE-2020-37205 is a denial of service vulnerability in RemShutdown 2.9.0.0, stemming from a buffer overflow in the 'Name' registration field (CWE-120). Attackers can trigger the issue by submitting oversized input, such as a 1000-character payload, leading to an application crash. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high availability impact with network accessibility and no prerequisites for exploitation.

Any remote attacker can exploit this vulnerability without privileges or user interaction by pasting a specially crafted 1000-character buffer payload into the registration name field, causing the RemShutdown application to crash and deny service to legitimate users.

Advisories and related resources include the VulnCheck advisory at https://www.vulncheck.com/advisories/remshutdown-name-denial-of-service, a proof-of-concept exploit on Exploit-DB at https://www.exploit-db.com/exploits/47865, and the vendor site at http://www.nsauditor.com/. No patch details are specified in available information.

Details

CWE(s): CWE-120

Affected Products

nsasoft

remshutdown

2.9.0.0

CVEs Like This One

CVE-2020-37204Same product: Nsasoft Remshutdown

CVE-2020-37207Same vendor: Nsasoft

CVE-2020-37130Same vendor: Nsasoft

CVE-2020-37212Same vendor: Nsasoft

CVE-2021-47814Same vendor: Nsasoft

CVE-2020-37201Same vendor: Nsasoft

CVE-2020-37206Same vendor: Nsasoft

CVE-2020-37199Same vendor: Nsasoft

CVE-2020-37211Same vendor: Nsasoft

CVE-2020-37196Same vendor: Nsasoft

References

http://www.nsauditor.com/
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47865
Exploit, Third Party Advisory, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/remshutdown-name-denial-of-service
Third Party Advisory · disclosure@vulncheck.com