CVE-2020-37204

7.5 HIGH

📋 TL;DR

RemShutdown 2.9.0.0 contains a buffer overflow vulnerability in its registration key input field that allows attackers to crash the application, causing a denial of service. Attackers can paste a specially crafted 1000-character payload into the registration key field to trigger the crash. This affects all users running RemShutdown 2.9.0.0.

💻 Affected Systems

Products:
  • RemShutdown
Versions: 2.9.0.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version 2.9.0.0; earlier or later versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service rendering RemShutdown unavailable, potentially disrupting scheduled shutdown/reboot operations on affected systems.

🟠 Likely Case

Application crash requiring restart of RemShutdown service, temporarily preventing remote shutdown/reboot functionality.

🟢 If Mitigated

Minimal impact if application is restarted automatically or if alternative shutdown methods are available.

🌐 Internet-Facing: LOW - Exploitation requires access to the application's GUI, which is typically not exposed to the internet.
🏢 Internal Only: MEDIUM - Internal attackers with access to systems running RemShutdown could disrupt shutdown operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires physical or remote access to the GUI where the registration key can be entered. A proof of concept is available in exploit databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.0.1 or later

Vendor Advisory: http://www.nsauditor.com/

Restart Required: Yes

Instructions:

1. Download latest version from nsauditor.com
2. Uninstall current version
3. Install updated version
4. Restart system or service

🔧 Temporary Workarounds

Input Validation via Application Firewall (Windows)

Block or monitor input to RemShutdown registration field using application-level controls

Restrict GUI Access (Windows)

Limit access to RemShutdown GUI to authorized users only

🧯 If You Can't Patch

  • Restrict physical and remote access to systems running RemShutdown
  • Implement monitoring for application crashes and restart automation

🔍 How to Verify

Check if Vulnerable:

Check RemShutdown version in Help > About menu; if version is 2.9.0.0, system is vulnerable

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

After update, verify version shows 2.9.0.1 or later in Help > About menu

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs for RemShutdown
  • Windows Event Logs showing application termination

Network Indicators:

  • Unusual access patterns to RemShutdown GUI

SIEM Query:

EventID=1000 AND (SourceName='RemShutdown' OR ProcessName='RemShutdown.exe')
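
The same crash check can be run locally when no SIEM is available. The script below is an added example, not part of the advisory or the vendor's tooling; it assumes crashes are logged by the standard Windows "Application Error" provider (Event ID 1000), that the executable is named RemShutdown.exe as in the query above, and that the file version in the crash record matches the version shown in Help > About.

```powershell
# Added example: list RemShutdown crashes from the Windows Application log.
# Assumptions: standard "Application Error" provider (Event ID 1000); image name
# RemShutdown.exe taken from the SIEM query; $Days and $ImageName are illustrative.
param(
    [int]$Days = 7,
    [string]$ImageName = 'RemShutdown.exe'
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no crashes".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$crashes = foreach ($e in $events) {
    # Event ID 1000 layout: Properties[0] = faulting application name,
    # [1] = application version, [3] = faulting module, [6] = exception code.
    $p = $e.Properties
    if ($p.Count -ge 7 -and $p[0].Value -ieq $ImageName) {
        [pscustomobject]@{
            TimeCreated     = $e.TimeCreated
            Computer        = $e.MachineName
            AppVersion      = $p[1].Value
            FaultModule     = $p[3].Value
            ExceptionCode   = $p[6].Value
            # Assumes the recorded file version equals the Help > About version.
            AffectedVersion = ($p[1].Value -eq '2.9.0.0')
        }
    }
}

if ($crashes) {
    $crashes | Sort-Object TimeCreated | Format-Table -AutoSize
    # Several crashes close together suggest repeated triggering, not a one-off fault.
    $recent = @($crashes | Where-Object { $_.TimeCreated -gt (Get-Date).AddHours(-1) })
    if ($recent.Count -ge 3) {
        Write-Warning "$($recent.Count) $ImageName crashes in the last hour"
    }
} else {
    Write-Output "No $ImageName crashes recorded in the last $Days day(s)."
}
```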
