CVE-2020-37171
Denial of Service in TapinRadio Proxy Username Configuration
Publication date: 2026-02-07
Last updated on: 2026-02-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raimersoft | tapinradio | to 2.12.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2020-37171 is a denial of service vulnerability in TapinRadio version 2.12.3 that affects the application's proxy username configuration."}, {'type': 'paragraph', 'content': 'A local attacker can exploit this vulnerability by inputting an excessively long string (around 10,000 bytes) into the username field of the proxy settings, which causes the application to crash.'}, {'type': 'paragraph', 'content': 'This crash disrupts normal program functionality, effectively causing a denial of service.'}] [1, 2]
How can this vulnerability impact me? :
The vulnerability allows a local attacker to crash the TapinRadio application by overwriting the proxy username field with a large amount of data.
This results in a denial of service, preventing normal use of the application.
Since the attack requires local access and user interaction, it may disrupt availability but does not compromise confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the TapinRadio application version 2.12.3 or earlier is installed and if the application proxy username field can be overwritten with a very long string (around 10,000 characters) causing the application to crash.'}, {'type': 'paragraph', 'content': "A practical detection method involves attempting to input a long string of characters (e.g., 10,000 'A's) into the username field under Settings > Preferences > Miscellaneous > Set Application Proxy in TapinRadio and observing if the application crashes."}, {'type': 'paragraph', 'content': 'There is a known Python script exploit that writes a long string to a file and copies it to the clipboard for pasting into the username field, which can be adapted as a test.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid allowing untrusted local users to access or modify the TapinRadio proxy username configuration.
Restrict local user permissions to prevent unauthorized changes to the application settings.
If possible, update or patch TapinRadio to a version where this vulnerability is fixed, or consider disabling the proxy username configuration feature until a fix is available.