CVE-2020-37171

MEDIUM

TapinRadio < 2.12.3 - Denial of Service via Username Field Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37171. PoCs published by chuyreds.

AI-analyzed exploit summary This PoC exploits a local Denial of Service (DoS) vulnerability in TapinRadio 2.12.3 by overflowing the 'username' field with a large buffer of 'A' characters (0x41). The crash occurs when the malicious input is pasted into the proxy settings, demonstrating a buffer overflow condition.

Description

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

Exploits (1)

exploitdb WORKING POC
by chuyreds · pythondoswindows
https://www.exploit-db.com/exploits/48013

This PoC exploits a local Denial of Service (DoS) vulnerability in TapinRadio 2.12.3 by overflowing the 'username' field with a large buffer of 'A' characters (0x41). The crash occurs when the malicious input is pasted into the proxy settings, demonstrating a buffer overflow condition.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: TapinRadio 2.12.3
No auth needed
Prerequisites: Local access to the target system · TapinRadio 2.12.3 installed · Ability to modify proxy settings in the application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48013

Scores

CVSS v3 6.2
EPSS 0.0023
EPSS Percentile 13.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (1)
raimersoft/tapinradio < 2.12.3
Published Feb 07, 2026
Tracked Since Feb 18, 2026