CVE-2020-37194
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Backup Key Recovery 2.2.5 via Oversized Registration Key

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37194
EUVD
EUVD-2020-31140
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsauditor backup_key_recovery to 2.2.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37194 is a denial of service vulnerability in Backup Key Recovery version 2.2.5 and earlier. It occurs because the application does not properly check the size of input data when processing the registration key.

An attacker can supply an overly long registration key, such as a 1000-character payload, which causes a buffer overflow and crashes the application.

This vulnerability exploits improper input handling in the registration key field, leading to an application crash and denial of service.

Impact Analysis

This vulnerability can cause the Backup Key Recovery application to crash when an attacker inputs an excessively long registration key.

The impact is a denial of service condition, meaning legitimate users may be unable to use the application while it is crashed.

Since the attack requires local access and user interaction, the risk is somewhat limited but still significant for availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the Backup Key Recovery 2.2.5 application. Specifically, an attacker or tester can generate a payload file containing 1000 characters and paste it into the registration key field of the application to see if it crashes.'}, {'type': 'list_item', 'content': 'Download and install Backup Key Recovery 2.2.5.'}, {'type': 'list_item', 'content': 'Use a script (such as a Python script) to generate a file named "poc.txt" containing 1000 "A" characters.'}, {'type': 'list_item', 'content': 'Launch the Backup Key Recovery software and navigate to "Register -> Enter Registration Code."'}, {'type': 'list_item', 'content': 'Copy the contents of "poc.txt" and paste it into the registration key field.'}, {'type': 'list_item', 'content': "Click 'Ok' and observe if the application crashes, indicating the presence of the vulnerability."}] [2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37194. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart