Search criteria
4 vulnerabilities found for ShareAlarmPro by Nsasoft
CVE-2020-37206 (GCVE-0-2020-37206)
Vulnerability from nvd – Published: 2026-02-11 20:37 – Updated: 2026-02-12 14:39
VLAI?
Title
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service
Summary
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47859 | exploit |
| http://www.nsauditor.com/ | product |
| https://www.vulncheck.com/advisories/sharealarmpr… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nsasoft | Nsauditor ShareAlarmPro Advanced Network Access Control |
Affected:
-
|
Date Public ?
2020-01-06 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T14:39:28.703659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:39:42.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nsauditor ShareAlarmPro Advanced Network Access Control",
"vendor": "Nsasoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ismail Tasdelen"
}
],
"datePublic": "2020-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T20:37:25.735Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47859",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47859"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.nsauditor.com/"
},
{
"name": "VulnCheck Advisory: ShareAlarmPro Advanced Network Access Control - \u0027Key\u0027 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sharealarmpro-advanced-network-access-control-key-denial-of-service"
}
],
"title": "ShareAlarmPro Advanced Network Access Control - \u0027Key\u0027 Denial of Service",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37206",
"datePublished": "2026-02-11T20:37:25.735Z",
"dateReserved": "2026-02-10T18:49:52.493Z",
"dateUpdated": "2026-02-12T14:39:42.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0772 (GCVE-0-2024-0772)
Vulnerability from nvd – Published: 2024-01-21 23:31 – Updated: 2024-10-21 11:02
VLAI?
Title
Nsasoft ShareAlarmPro Registration memory corruption
Summary
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-119 - Memory Corruption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251672 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.251672 | signaturepermissions-required |
| https://youtu.be/WIeWeuXbkiY | exploitmedia-coverage |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nsasoft | ShareAlarmPro |
Affected:
2.1.4
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251672"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251672"
},
{
"tags": [
"exploit",
"media-coverage",
"x_transferred"
],
"url": "https://youtu.be/WIeWeuXbkiY"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0772",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T16:05:42.936187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T11:02:08.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Registration Handler"
],
"product": "ShareAlarmPro",
"vendor": "Nsasoft",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fernando.mengali (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Nsasoft ShareAlarmPro 2.1.4 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Registration Handler. Durch die Manipulation des Arguments Name/Key mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-21T23:31:04.097Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251672"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251672"
},
{
"tags": [
"exploit",
"media-coverage"
],
"url": "https://youtu.be/WIeWeuXbkiY"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-21T10:23:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Nsasoft ShareAlarmPro Registration memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0772",
"datePublished": "2024-01-21T23:31:04.097Z",
"dateReserved": "2024-01-21T09:18:21.337Z",
"dateUpdated": "2024-10-21T11:02:08.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-37206 (GCVE-0-2020-37206)
Vulnerability from cvelistv5 – Published: 2026-02-11 20:37 – Updated: 2026-02-12 14:39
VLAI?
Title
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service
Summary
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47859 | exploit |
| http://www.nsauditor.com/ | product |
| https://www.vulncheck.com/advisories/sharealarmpr… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nsasoft | Nsauditor ShareAlarmPro Advanced Network Access Control |
Affected:
-
|
Date Public ?
2020-01-06 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T14:39:28.703659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:39:42.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nsauditor ShareAlarmPro Advanced Network Access Control",
"vendor": "Nsasoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ismail Tasdelen"
}
],
"datePublic": "2020-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T20:37:25.735Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47859",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47859"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.nsauditor.com/"
},
{
"name": "VulnCheck Advisory: ShareAlarmPro Advanced Network Access Control - \u0027Key\u0027 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sharealarmpro-advanced-network-access-control-key-denial-of-service"
}
],
"title": "ShareAlarmPro Advanced Network Access Control - \u0027Key\u0027 Denial of Service",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37206",
"datePublished": "2026-02-11T20:37:25.735Z",
"dateReserved": "2026-02-10T18:49:52.493Z",
"dateUpdated": "2026-02-12T14:39:42.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0772 (GCVE-0-2024-0772)
Vulnerability from cvelistv5 – Published: 2024-01-21 23:31 – Updated: 2024-10-21 11:02
VLAI?
Title
Nsasoft ShareAlarmPro Registration memory corruption
Summary
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-119 - Memory Corruption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251672 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.251672 | signaturepermissions-required |
| https://youtu.be/WIeWeuXbkiY | exploitmedia-coverage |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nsasoft | ShareAlarmPro |
Affected:
2.1.4
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251672"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251672"
},
{
"tags": [
"exploit",
"media-coverage",
"x_transferred"
],
"url": "https://youtu.be/WIeWeuXbkiY"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0772",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T16:05:42.936187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T11:02:08.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Registration Handler"
],
"product": "ShareAlarmPro",
"vendor": "Nsasoft",
"versions": [
{
"status": "affected",
"version": "2.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fernando.mengali (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Nsasoft ShareAlarmPro 2.1.4 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Registration Handler. Durch die Manipulation des Arguments Name/Key mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-21T23:31:04.097Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251672"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251672"
},
{
"tags": [
"exploit",
"media-coverage"
],
"url": "https://youtu.be/WIeWeuXbkiY"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-21T10:23:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Nsasoft ShareAlarmPro Registration memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0772",
"datePublished": "2024-01-21T23:31:04.097Z",
"dateReserved": "2024-01-21T09:18:21.337Z",
"dateUpdated": "2024-10-21T11:02:08.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}