Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-36880. PoCs published by MasterVlad.
AI-analyzed exploit summary This exploit leverages a local buffer overflow in DiskBoss 7.7.14 via the 'Reports and Data Directory' field, using an SEH egghunter and reverse shell payload to achieve remote code execution.
Description
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
Exploits (1)
exploitdb
WORKING POC
by MasterVlad · pythonlocalwindows
https://www.exploit-db.com/exploits/48689
This exploit leverages a local buffer overflow in DiskBoss 7.7.14 via the 'Reports and Data Directory' field, using an SEH egghunter and reverse shell payload to achieve remote code execution.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
DiskBoss 7.7.14
No auth needed
Prerequisites:
DiskBoss 7.7.14 installed on Windows 7 32-bit · Ability to paste malicious input into the application's configuration field
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48689
Product technical-description
https://www.diskboss.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/flexsense-diskboss-reports-and-data-directory-buffer-overflow
Scores
CVSS v3
7.8
EPSS
0.0020
EPSS Percentile
10.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (2)
flexense/diskboss
7.7.14
Flexsense/DiskBoss
7.7.14
Published
Dec 05, 2025
Tracked Since
Feb 18, 2026