How to fix CVE-2020-36949?

Within 24 hours: Inventory all systems running Tapinradio and identify version numbers; assess whether affected versions are in production use. Within 7 days: Implement network-level access controls to restrict Tapinradio exposure; disable unnecessary features if possible; monitor resource consumption for anomalies. Within 30 days: Contact vendor for timeline to patch availability; evaluate alternative solutions or plan for version upgrade immediately upon patch release; document business justification for any systems that cannot be remediated.

Is Tapinradio affected by CVE-2020-36949?

Tapinradio versions 2.13.7 and earlier contain a resource exhaustion vulnerability that could allow attackers to consume unlimited system resources, potentially causing service degradation or denial of service.

CVE-2020-36949

HIGH

2026-01-27 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 20, 2026 - 14:22 vuln.today

Public exploit code

CVE Published

Jan 27, 2026 - 16:16 nvd

HIGH 7.5

Description

TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.

Analysis

Tapinradio versions up to 2.13.7 is affected by allocation of resources without limits or throttling (CVSS 7.5).

Technical Context

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) affects Tapinradio. TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.

Affected Products

Vendor: Raimersoft. Product: Tapinradio. Versions: up to 2.13.7.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

CVE-2020-36949 vulnerability details – vuln.today

Back

CVE-2020-36949

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-36949

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code