CVE-2020-37170
Unknown Unknown - Not Provided

Denial of Service in TapinRadio Proxy Address Configuration

Vulnerability report for CVE-2020-37170, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-07

Last updated on: 2026-02-19

Assigner: VulnCheck

Description

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-07
Last Modified
2026-02-19
Generated
2026-07-06
AI Q&A
2026-02-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
raimersoft tapinradio to 2.12.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37170 is a denial of service (DoS) vulnerability in TapinRadio version 2.12.3. It occurs when a local attacker inputs a specially crafted string of 3000 bytes into the application's proxy address configuration field. This causes the application to crash by overwriting the address field with excessive data, disrupting normal program functionality."}, {'type': 'paragraph', 'content': 'The vulnerability is a classic buffer overflow issue (CWE-120), where the application does not properly check the size of the input before copying it, leading to the crash.'}] [1, 2]

Impact Analysis

This vulnerability can cause the TapinRadio application to crash, resulting in a denial of service. An attacker with local access can exploit this by entering a large amount of arbitrary data into the proxy address field, which prevents the application from functioning normally.

The impact is primarily on availability, as the application becomes unusable until restarted or fixed. This could disrupt users who rely on TapinRadio for streaming internet radio.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is local and requires user interaction within the TapinRadio application. Detection involves verifying if the application is vulnerable to a denial of service condition triggered by overwriting the proxy address field with a large input.'}, {'type': 'paragraph', 'content': "A practical detection method is to attempt the exploit in a controlled environment by creating a text file containing 3000 'A' characters, copying it to the clipboard, and pasting it into the 'Address' field under 'Settings' > 'Preferences' > 'Miscellaneous' > 'Set Application Proxy...' in TapinRadio version 2.12.3. If the application crashes, it confirms the vulnerability."}, {'type': 'list_item', 'content': 'Create a file named tapin_add.txt with 3000 \'A\' characters: `python -c "print(\'A\'*3000)" > tapin_add.txt`'}, {'type': 'list_item', 'content': 'Open tapin_add.txt, copy all content to clipboard.'}, {'type': 'list_item', 'content': 'Open TapinRadio, navigate to Settings > Preferences > Miscellaneous > Set Application Proxy...'}, {'type': 'list_item', 'content': "Paste the clipboard content into the 'Address' field, fill in arbitrary values for 'Port' (e.g., 444), 'Username' (e.g., test), and 'Password' (e.g., 1234), then confirm."}, {'type': 'paragraph', 'content': 'If the application crashes, the vulnerability is present.'}] [1, 2]

Mitigation Strategies

[{'type': 'paragraph', 'content': "To mitigate this vulnerability, immediate steps include avoiding the use of the proxy address configuration feature in TapinRadio version 2.12.3 or earlier, especially refraining from pasting large or untrusted input into the 'Address' field."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction, restricting access to the application and limiting user permissions can reduce the risk.'}, {'type': 'paragraph', 'content': 'Additionally, upgrading to a newer version of TapinRadio where this vulnerability is fixed (such as versions later than 2.12.3) is recommended.'}] [2, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37170. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart