CVE-2020-37171
Unknown Unknown - Not Provided
Denial of Service in TapinRadio Proxy Username Configuration

Publication date: 2026-02-07

Last updated on: 2026-02-19

Assigner: VulnCheck

Description
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37171
EUVD
EUVD-2020-31120
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
raimersoft tapinradio to 2.12.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37171 is a denial of service vulnerability in TapinRadio version 2.12.3 that affects the application's proxy username configuration."}, {'type': 'paragraph', 'content': 'A local attacker can exploit this vulnerability by inputting an excessively long string (around 10,000 bytes) into the username field of the proxy settings, which causes the application to crash.'}, {'type': 'paragraph', 'content': 'This crash disrupts normal program functionality, effectively causing a denial of service.'}] [1, 2]

Impact Analysis

The vulnerability allows a local attacker to crash the TapinRadio application by overwriting the proxy username field with a large amount of data.

This results in a denial of service, preventing normal use of the application.

Since the attack requires local access and user interaction, it may disrupt availability but does not compromise confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the TapinRadio application version 2.12.3 or earlier is installed and if the application proxy username field can be overwritten with a very long string (around 10,000 characters) causing the application to crash.'}, {'type': 'paragraph', 'content': "A practical detection method involves attempting to input a long string of characters (e.g., 10,000 'A's) into the username field under Settings > Preferences > Miscellaneous > Set Application Proxy in TapinRadio and observing if the application crashes."}, {'type': 'paragraph', 'content': 'There is a known Python script exploit that writes a long string to a file and copies it to the clipboard for pasting into the username field, which can be adapted as a test.'}] [1]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid allowing untrusted local users to access or modify the TapinRadio proxy username configuration.

Restrict local user permissions to prevent unauthorized changes to the application settings.

If possible, update or patch TapinRadio to a version where this vulnerability is fixed, or consider disabling the proxy username configuration feature until a fix is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37171. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart