CVE-2021-47815

HighPublic PoC

Published: 16 January 2026

Published

16 January 2026

Modified

01 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0002 4.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47815 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

NVD Description

Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.

Deeper analysisAI

CVE-2021-47815 is a denial of service vulnerability in Nsauditor 3.2.3, a network security auditing tool. The flaw occurs in the registration code input field, known as the 'Key' field, where attackers can paste a large buffer consisting of 256 repeated characters to trigger an application crash. This issue maps to CWE-120 (Buffer Copy without Checking Size of Input) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its impact on availability.

Any unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. Exploitation causes the Nsauditor application to crash, resulting in a denial of service that disrupts the tool's functionality for affected users.

Advisories and references include the vendor site at http://www.nsauditor.com, a proof-of-concept exploit documented at https://www.exploit-db.com/exploits/49965, and a VulnCheck advisory at https://www.vulncheck.com/advisories/nsauditor-denial-of-service-poc. Security practitioners should review these sources for any available patches or mitigation guidance.

Details

CWE(s): CWE-120

Affected Products

nsasoft

nsauditor

≤ 3.2.7

CVEs Like This One

CVE-2020-37130Same product: Nsasoft Nsauditor

CVE-2020-37119Same product: Nsasoft Nsauditor

CVE-2018-25213Same product: Nsasoft Nsauditor

CVE-2021-47895Same product: Nsasoft Nsauditor

CVE-2020-37207Same vendor: Nsasoft

CVE-2020-37212Same vendor: Nsasoft

CVE-2021-47814Same vendor: Nsasoft

CVE-2020-37201Same vendor: Nsasoft

CVE-2020-37206Same vendor: Nsasoft

CVE-2020-37199Same vendor: Nsasoft

References

http://www.nsauditor.com
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/49965
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/nsauditor-denial-of-service-poc
Third Party Advisory · disclosure@vulncheck.com