CVE-2020-37166

MEDIUM

AbsoluteTelnet 11.12 - Denial of Service via SSH2 Username Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37166. PoCs published by chuyreds.

AI-analyzed exploit summary This PoC exploits a denial of service vulnerability in AbsoluteTelnet 11.12 by overflowing the 'SSH2/username' field with a large buffer of 'A' characters, causing the application to crash. The exploit requires manual steps to trigger the crash by pasting the malicious input into the username field.

Description

AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.

Exploits (1)

exploitdb WORKING POC

by chuyreds · pythondoswindows

https://www.exploit-db.com/exploits/48010

View Code ZIP pw:eip

This PoC exploits a denial of service vulnerability in AbsoluteTelnet 11.12 by overflowing the 'SSH2/username' field with a large buffer of 'A' characters, causing the application to crash. The exploit requires manual steps to trigger the crash by pasting the malicious input into the username field.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: AbsoluteTelnet 11.12

No auth needed

Prerequisites: AbsoluteTelnet 11.12 installed on Windows · User interaction to paste malicious input

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48010

Various Sources product

https://www.celestialsoftware.net/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/absolutetelnet-sshusername-denial-of-service

Scores

CVSS v3 6.2

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

celestialsoftware/absolutetelnet 11.12

Published Feb 07, 2026

Tracked Since Feb 18, 2026