Login Sign Up

CVE-2020-36949

7.5 HIGH
Denial of Service Buffer Overflow

📋 TL;DR

CVE-2020-36949 is a denial of service vulnerability in TapinRadio 2.13.7 where attackers can crash the application by pasting large buffers (20,000+ characters) into proxy settings fields. This affects all users running the vulnerable version of TapinRadio, requiring reinstallation after exploitation. The vulnerability stems from insufficient input validation in the proxy configuration interface.

💻 Affected Systems

Products:
  • TapinRadio
Versions: 2.13.7 (specific version mentioned in CVE)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the proxy settings dialog accessible from the application's options/settings menu.

📦 What is this software?

Tapinradio by Raimersoft

View all CVEs affecting Tapinradio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash requiring reinstallation, disrupting radio streaming functionality and potentially causing data loss of user settings.

🟠

Likely Case

Application becomes unresponsive and crashes, requiring manual restart or reinstallation to restore functionality.

🟢

If Mitigated

No impact if input validation is implemented or proxy settings are not exposed to untrusted users.

🌐 Internet-Facing: LOW - Exploitation requires direct access to the application's GUI interface, not network-accessible services.
🏢 Internal Only: MEDIUM - Local users or malware with GUI access could crash the application, but requires user interaction with proxy settings.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires GUI access to paste malicious input into proxy fields. Proof of concept available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for updates beyond 2.13.7

Vendor Advisory: http://www.raimersoft.com/

Restart Required: Yes

Instructions:

1. Visit http://www.raimersoft.com/ 2. Download latest TapinRadio version 3. Install update 4. Restart application

🔧 Temporary Workarounds

Restrict proxy settings access

windows

Prevent users from accessing proxy configuration dialog through application restrictions or user training.

Input validation via external tools

windows

Use application control solutions to monitor and block excessive input in TapinRadio fields.

🧯 If You Can't Patch

  • Isolate TapinRadio to trusted users only and restrict physical/remote GUI access
  • Implement application whitelisting to prevent unauthorized modifications to TapinRadio

🔍 How to Verify

Check if Vulnerable:

Check TapinRadio version in Help > About. If version is 2.13.7, system is vulnerable.

Check Version:

In TapinRadio: Help > About

Verify Fix Applied:

After update, verify version is higher than 2.13.7 and test proxy fields with large input (safe test with 20,000 'A' characters).

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from TapinRadio
  • Windows Event Logs showing application failures

Network Indicators:

  • No network indicators - local exploitation only

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName="TapinRadio.exe"

📊 Metadata

CVE ID: CVE-2020-36949
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
Published: January 27, 2026
Last Updated: February 20, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-36949, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)