CVE-2020-37191

7.5 HIGH

📋 TL;DR

CVE-2020-37191 is a buffer overflow vulnerability in Top Password Software Dialup Password Recovery 1.30 that allows attackers to crash the application by sending overly long input to authentication fields. This affects users of version 1.30 who have the software installed and accessible. The vulnerability enables denial of service attacks but doesn't appear to allow code execution.

💻 Affected Systems

Products:
  • Top Password Software Dialup Password Recovery
Versions: Version 1.30
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 1.30; earlier or later versions may not be vulnerable

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete application crash requiring restart, potential data loss if recovery operations were in progress

🟠 Likely Case: Application becomes unresponsive and crashes, disrupting legitimate password recovery operations

🟢 If Mitigated: No impact if input validation is implemented or the software is not exposed to untrusted users

🌐 Internet-Facing: LOW - This is a desktop application not typically exposed to the internet
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through social engineering

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires local access or ability to feed input to the application; proof-of-concept available on Exploit-DB

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.top-password.com/

Restart Required: No

Instructions:

1. Check vendor website for updated version
2. If update available, download and install
3. Verify version is no longer 1.30

🔧 Temporary Workarounds

Input Validation via Application Firewall (Windows): Use an application firewall to block overly long input to the software

Restrict Application Access (Windows): Limit who can run the software to trusted users only

🧯 If You Can't Patch

  • Uninstall the software if not critically needed
  • Run software in isolated environment with no network access

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About menu; if version is 1.30, it's vulnerable

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is no longer 1.30; test with 5000-character input to see if application crashes

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Windows Event Logs showing application termination

Network Indicators:

  • Not applicable - local exploit

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName contains 'Dialup Password Recovery'

Note: keep the parentheses. In most SIEM query languages AND binds tighter than OR, so without them the query would match every Event ID 1000 application crash on the host, not just crashes of this application.
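The SIEM query above, evaluated with and without parentheses over a few constructed Windows Application-log records (added example, not part of this advisory; the field names, sample process names and messages are assumptions):

```python
# Added example: applies the advisory's SIEM query to constructed Windows
# Application-log records to show why the parentheses around the OR matter.
from dataclasses import dataclass


@dataclass
class AppEvent:
    event_id: int        # Windows Application log Event ID
    process_name: str    # faulting application (1000) or WER source (1001)
    message: str


# Constructed sample records. Event IDs 1000 (Application Error) and 1001
# (Windows Error Reporting) are the crash indicators named in the advisory;
# 1002 (Application Hang) is included as a near-miss that the query should skip.
SAMPLE_EVENTS = [
    AppEvent(1000, "Dialup Password Recovery.exe", "Faulting application, exception code 0xc0000005"),
    AppEvent(1001, "Dialup Password Recovery.exe", "Fault bucket, type 4, Event Name: APPCRASH"),
    AppEvent(1000, "notepad.exe", "Faulting application notepad.exe"),          # unrelated crash
    AppEvent(1001, "explorer.exe", "Fault bucket, Event Name: APPCRASH"),         # unrelated WER report
    AppEvent(1002, "Dialup Password Recovery.exe", "The program stopped interacting with Windows"),
]

TARGET = "Dialup Password Recovery"


def match_corrected(events):
    """(EventID=1000 OR EventID=1001) AND ProcessName contains TARGET."""
    return [e for e in events
            if e.event_id in (1000, 1001) and TARGET in e.process_name]


def match_unparenthesised(events):
    """EventID=1000 OR (EventID=1001 AND ProcessName contains TARGET):
    how most SIEM query languages parse the query without parentheses,
    because AND binds tighter than OR. Every 1000 event matches."""
    return [e for e in events
            if e.event_id == 1000
            or (e.event_id == 1001 and TARGET in e.process_name)]


if __name__ == "__main__":
    print(len(match_corrected(SAMPLE_EVENTS)), "hits with parentheses")       # 2
    print(len(match_unparenthesised(SAMPLE_EVENTS)), "hits without them")     # 3 (notepad crash included)
```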
