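TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. The CVSS 3.1 vector published with this record (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) scores a confidentiality impact and no availability impact, which is inconsistent with the crash described here, so the base score should be checked against the description before it is used for triage.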
TapinRadio 2.12.3 - 'username' Denial of Service
Problem type
Affected products
Raimersoft
2.12.3 - AFFECTED
References
https://www.exploit-db.com/exploits/48013
https://www.raimersoft.com/php/tapinradio.php
https://www.vulncheck.com/advisories/tapinradio-username-denial-of-service
GitHub Security Advisories
GHSA-rgq9-pp26-h3f9
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username...
https://github.com/advisories/GHSA-rgq9-pp26-h3f9
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
https://nvd.nist.gov/vuln/detail/CVE-2020-37171
https://www.exploit-db.com/exploits/48013
https://www.raimersoft.com/php/tapinradio.php
https://www.vulncheck.com/advisories/tapinradio-username-denial-of-service
https://github.com/advisories/GHSA-rgq9-pp26-h3f9
JSON source
https://cveawg.mitre.org/api/cve/CVE-2020-37171
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2020-37171",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-06T23:14:13.743Z",
"dateReserved": "2026-02-06T12:31:16.221Z",
"datePublished": "2026-02-06T23:14:13.743Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-06T23:14:13.743Z"
},
"datePublic": "2020-02-05T00:00:00.000Z",
"title": "TapinRadio 2.12.3 - 'username' Denial of Service",
"descriptions": [
{
"lang": "en",
"value": "TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality."
}
],
"affected": [
{
"vendor": "Raimersoft",
"product": "TapinRadio",
"versions": [
{
"version": "2.12.3",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/48013",
"name": "ExploitDB-48013",
"tags": [
"exploit"
]
},
{
"url": "https://www.raimersoft.com/php/tapinradio.php",
"name": "TapinRadio Product Webpage",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/tapinradio-username-denial-of-service",
"name": "VulnCheck Advisory: TapinRadio 2.12.3 - 'username' Denial of Service",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "chuyreds",
"type": "finder"
}
]
}
}
}