CVE-2020-37170

MEDIUM

TapinRadio < 2.12.3 - Denial of Service via Proxy Address Configuration Overwrite

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37170. PoCs published by chuyreds.

AI-analyzed exploit summary This PoC exploits a local Denial of Service (DoS) vulnerability in TapinRadio 2.12.3 by overflowing the 'address' field in the proxy settings with a large buffer of 'A' characters (0x41). The crash occurs when the malicious input is pasted into the proxy configuration, demonstrating a buffer overflow condition.

Description

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

Exploits (1)

exploitdb WORKING POC

by chuyreds · pythondoswindows

https://www.exploit-db.com/exploits/48011

View Code ZIP pw:eip

This PoC exploits a local Denial of Service (DoS) vulnerability in TapinRadio 2.12.3 by overflowing the 'address' field in the proxy settings with a large buffer of 'A' characters (0x41). The crash occurs when the malicious input is pasted into the proxy configuration, demonstrating a buffer overflow condition.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: TapinRadio 2.12.3

No auth needed

Prerequisites: Local access to the target system · TapinRadio 2.12.3 installed · Ability to modify proxy settings in the application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48011

Various Sources product

https://www.raimersoft.com/php/tapinradio.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/tapinradio-address-denial-of-service

Scores

CVSS v3 6.2

EPSS 0.0023

EPSS Percentile 13.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

raimersoft/tapinradio < 2.12.3

Published Feb 07, 2026

Tracked Since Feb 18, 2026