CVE-2021-27722

HIGH

Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-27722. PoCs published by Sinem Şahin, Enes Özeser.

AI-analyzed exploit summary This exploit generates a payload file containing a buffer of 300 'A' characters to trigger a denial of service in Product Key Explorer 4.2.7 when pasted into the registration code field. The PoC is straightforward and demonstrates a crash via buffer overflow.

Description

An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Sinem Şahin · pythondoswindows
https://www.exploit-db.com/exploits/49590

This exploit generates a payload file containing a buffer of 300 'A' characters to trigger a denial of service in Product Key Explorer 4.2.7 when pasted into the registration code field. The PoC is straightforward and demonstrates a crash via buffer overflow.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Product Key Explorer 4.2.7
No auth needed
Prerequisites: Product Key Explorer 4.2.7 installed · ability to run the script and paste the payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Enes Özeser · pythondoswindows
https://www.exploit-db.com/exploits/49638

This exploit is a proof-of-concept for a denial-of-service vulnerability in Nsasoft Hardware Software Inventory 1.6.4.0. It generates a payload file containing a buffer of 300 'A' characters, which when pasted into the 'Key' or 'Name' field during registration, causes the application to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Nsasoft Hardware Software Inventory 1.6.4.0
No auth needed
Prerequisites: Access to the registration interface of the target software
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Not Applicable, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49590
Not Applicable, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49638

Scores

CVSS v3 7.5
EPSS 0.0134
EPSS Percentile 67.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-120
Status published
Products (1)
nsasoft/spotauditor 5.3.5
Published Nov 02, 2021
Tracked Since Feb 18, 2026