CVE-2020-37191
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service via Input Overflow in Dialup Password Recovery

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37191
EUVD
EUVD-2020-31144
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
top_password_software dialup_password_recovery to 1.30 (exc)
top_password_software dialup_password_recovery 1.30
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37191 is a denial of service vulnerability in Top Password Software Dialup Password Recovery version 1.30 and earlier. It occurs because the software does not properly check the size of input fields, leading to a buffer overflow when a large payload of about 5000 characters is inserted into the User Name or Registration Code fields.

This overflow causes the application to crash, making it unavailable to legitimate users.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition where the application crashes and becomes unusable.

An attacker can exploit this by locally providing a specially crafted input of 5000 characters into the User Name or Registration Code fields, causing the software to stop functioning.

This can disrupt normal operations that depend on the software, potentially causing downtime or loss of access to password recovery functionality.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to input a large payload of approximately 5000 characters into the User Name and Registration Code input fields of the Top Password Software Dialup Password Recovery application. If the application crashes or becomes unresponsive, it indicates the presence of the vulnerability.'}, {'type': 'paragraph', 'content': "A practical detection method is to use a script or command that inputs a 5000-character string (such as 5000 'A's) into these fields and observe the application's behavior."}, {'type': 'paragraph', 'content': 'For example, a simple Python script can be used to generate the payload and write it to a file, which can then be used as input to the application to trigger the crash.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the vulnerable input fields with excessively large inputs, especially inputs around 5000 characters, to prevent triggering the denial of service condition.

Restrict access to the application to trusted users only, as the attack requires local access and user interaction.

Monitor and limit input sizes in the User Name and Registration Code fields if possible, to prevent buffer overflow.

Check for any available patches or updates from the vendor and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37191. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart