CVE-2020-37208 MEDIUM

CVE-2020-37208: SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service

Vendor Nsasoft

Product Nsauditor SpotFTP FTP Password Recovery

Weakness CWE-787

Published February 11, 2026

Last update February 12, 2026

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.

Key dates

02Disclosure timeline

February 11, 2026 CVE published

February 12, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37208 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2020-37208

CWE CWE-787

CVSS 4.6 / MEDIUM

Affected versions