CVE-2021-47815
Published: 16 January 2026
Summary
CVE-2021-47815 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 10.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-47815 is a denial of service vulnerability in Nsauditor 3.2.3, a network security auditing tool. The flaw occurs in the registration code input field, known as the 'Key' field, where attackers can paste a large buffer consisting of 256 repeated characters to trigger an application crash. This issue maps to CWE-120 (Buffer Copy without Checking Size of Input) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its impact on availability.
Any unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. Exploitation causes the Nsauditor application to crash, resulting in a denial of service that disrupts the tool's functionality for affected users.
Advisories and references include the vendor site at http://www.nsauditor.com, a proof-of-concept exploit documented at https://www.exploit-db.com/exploits/49965, and a VulnCheck advisory at https://www.vulncheck.com/advisories/nsauditor-denial-of-service-poc. Security practitioners should review these sources for any available patches or mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3028
Vulnerability details
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in input field directly enables application crash for DoS via exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the buffer overflow by requiring validation of input size and content in the registration 'Key' field to prevent crashes from oversized buffers.
Mandates identification, reporting, and timely remediation of the specific buffer copy without size check flaw in Nsauditor 3.2.3.
Implements mechanisms to limit or detect denial-of-service events like the network-accessible application crash triggered by repeated character buffers.