CVE-2020-37206
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-11

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-26
Generated
2026-05-07
AI Q&A
2026-02-11
EPSS Evaluated
2026-05-05
NVD
CVE-2020-37206
EUVD
EUVD-2020-31182
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft sharealarmpro *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2020-37206 is a denial of service (DoS) vulnerability in ShareAlarmPro Advanced Network Access Control software. It occurs because the application does not properly validate the size of the registration key input. An attacker can supply an oversized registration key, approximately 1000 characters long, which causes the application to crash.

This vulnerability is due to a buffer overflow or improper input size checking in the key handling mechanism, classified under CWE-120. The attack involves generating a large payload and pasting it into the registration key field, triggering the crash.


How can this vulnerability impact me? :

This vulnerability can impact you by causing the ShareAlarmPro application to crash, resulting in a denial of service condition. This means legitimate users may be unable to use the software while it is crashed.

Since the attack requires local access and user interaction to paste the oversized key, it may be exploited by a local attacker or someone with access to the system, potentially disrupting network access control operations.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the ShareAlarmPro application. Specifically, you can generate a payload of 1000 characters and input it into the registration key field to see if the application crashes.'}, {'type': 'paragraph', 'content': "A practical method involves running a Python script to create a file containing 1000 'A' characters, then pasting this payload into the registration key field of ShareAlarmPro."}, {'type': 'list_item', 'content': "Run a Python script to generate the payload file, e.g., a script that writes 1000 'A's to a file named 'poc.txt'."}, {'type': 'list_item', 'content': 'Open ShareAlarmPro on a Windows 10 system.'}, {'type': 'list_item', 'content': "Open the registration dialog and paste the contents of 'poc.txt' into the registration key field."}, {'type': 'list_item', 'content': 'Submit the key and observe if the application crashes, indicating the presence of the vulnerability.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart