CVE-2021-47814
Published: 16 January 2026
Summary
CVE-2021-47814 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Nbmonitor. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 10.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2021-47814 is a denial-of-service vulnerability in NBMonitor version 1.6.8, stemming from a buffer overflow in the registration code input field, classified as CWE-120. Attackers can trigger an application crash and potential system instability by pasting a 256-character buffer into the registration key field. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high availability impact.
The vulnerability enables remote exploitation over the network with low complexity, requiring no authentication privileges or user interaction. Unauthenticated attackers can achieve a crash of the NBMonitor application, disrupting its functionality and potentially causing broader system instability.
References include advisories and proof-of-concept exploits, such as Exploit-DB entry 49964 and a VulnCheck advisory on the NBMonitor denial-of-service PoC, along with details from nsauditor.com. No specific patches or mitigation steps are outlined in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3019
Vulnerability details
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow enables targeted application crash via exploitation (T1499.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents the buffer overflow DoS by requiring validation of registration code input length and format to reject oversized inputs like the 256-character buffer.
Protects against or limits the impact of denial-of-service events such as remote application crashes triggered by malformed registration key inputs.
Mitigates buffer overflow effects through memory protections like stack guards, ASLR, and DEP, reducing the likelihood of successful crashes from input overflows.