CVE-2020-37122 PUBLISHED

SpotFTP-FTP Password Recover 2.4.8 - Denial of Service

Assigner: VulnCheck
Reserved: 03.02.2026 Published: 06.02.2026 Updated: 06.02.2026

SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 6.7

Product Status

Vendor Nsauditor
Product FTP Password Recover
Versions
  • Version 2.4.8 is affected

Credits

  • Ismael Nava finder

References

Problem Types

  • Stack-based Buffer Overflow CWE