CVE-2020-0610

CRITICAL · EXPLOITED · RANSOMWARE

Windows Server 2012, 2016, 2019 - Unauthenticated Remote Code Execution via RD Gateway


Exploitation Summary

CVE-2020-0610 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 6 public exploits from researchers including ollypwn, ImBIOS, and mrlayle.

AI-analyzed exploit summary: This exploit targets CVE-2020-0610, a DoS vulnerability in the Windows Remote Desktop Gateway (RD Gateway), by sending malformed DTLS packets. It establishes a DTLS connection and sends fragmented packets to trigger a denial-of-service condition.

Description

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.

Exploits (6)

exploitdb WORKING POC
by ollypwn · c++ · dos · windows
https://www.exploit-db.com/exploits/47964

This exploit targets CVE-2020-0610, a DoS vulnerability in the Windows Remote Desktop Gateway (RD Gateway) by sending malformed DTLS packets. It establishes a DTLS connection and sends fragmented packets to trigger a denial-of-service condition.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows Remote Desktop Gateway (RD Gateway)
No auth needed
Prerequisites: Network access to the target RD Gateway · Open UDP port 3391 on the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by ollypwn · c++ · dos · windows
https://www.exploit-db.com/exploits/47963

This exploit targets CVE-2020-0610, a DoS vulnerability in the Windows Remote Desktop Gateway (RD Gateway) by sending malformed DTLS packets. The code establishes a DTLS connection and sends fragmented packets to trigger a denial-of-service condition.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows Remote Desktop Gateway (RD Gateway)
No auth needed
Prerequisites: Network access to the target RD Gateway · OpenSSL library for DTLS communication
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 2 stars
by ImBIOS · poc
https://github.com/ImBIOS/lab-cve-2020-0610

This repository provides a comprehensive lab setup guide for CVE-2020-0610, a critical RCE vulnerability in Windows RD Gateway. It includes PowerShell scripts for firewall configuration and system validation, along with instructions for testing using Nuclei scanner.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows Remote Desktop Gateway (RD Gateway) on Windows Server 2012/2012 R2/2016/2019
No auth needed
Prerequisites: Unpatched Windows Server with RD Gateway role enabled · UDP transport enabled on port 3391 · Network access to target system
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by mrlayle · poc
https://gitlab.com/mrlayle/BlueGate

This repository contains functional exploit code for CVE-2020-0610, a Remote Desktop Gateway vulnerability. It includes a DoS exploit (`dos.py`) and a scanner (`check.py`) to detect vulnerable targets.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Remote Desktop Gateway (RD Gateway)
No auth needed
Prerequisites: Network access to the target RD Gateway service · Python environment with `pydtls` library
devstral-2 · analyzed Feb 23, 2026

nomisec WRITEUP
by Riocipta75 · poc
https://github.com/Riocipta75/lab-cve-2020-0610

This repository provides educational materials and PowerShell scripts to demonstrate the setup and validation of CVE-2020-0610, a vulnerability in Windows RD Gateway. It includes scripts to add firewall rules and check system configurations but lacks actual exploit code.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Windows RD Gateway
No auth needed
Prerequisites: Windows 10 or later · RD Gateway role installed
devstral-2 · analyzed Feb 16, 2026

patchapalooza WORKING POC
by ind3p3nd3nt · dos
https://gitlab.com/ind3p3nd3nt/BlueGate

This repository contains a functional Python-based PoC for CVE-2020-0610, which exploits a heap-based out-of-bounds write vulnerability in the RD Gateway service. The exploit includes both a vulnerability scanner and a DoS trigger, leveraging crafted DTLS packets to manipulate fragment IDs and lengths.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Remote Desktop Gateway (RD Gateway)
No auth needed
Prerequisites: Network access to the target RD Gateway service (UDP port 3391) · Python 3 with pyOpenSSL library
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 9.8
EPSS: 0.7990
EPSS Percentile: 99.1%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2020-01-14
Ransomware Use: Confirmed
Status: published
Products (4):
- microsoft/windows_server_2012
- microsoft/windows_server_2012 r2
- microsoft/windows_server_2016
- microsoft/windows_server_2019
Published: Jan 14, 2020
Tracked Since: Feb 18, 2026