What is the CVSS score of CVE-2020-36997?

CVE-2020-36997 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2020-36997?

Yes, a public proof-of-concept exploit is available for CVE-2020-36997. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-36997?

Within 24 hours: Immediately identify all systems running BacklinkSpeed 2.4 and isolate them from production networks if possible; disable file import functionality if the application supports this configuration. Within 7 days: Evaluate alternative solutions or upgrade to BacklinkSpeed 3.x or later if available; implement strict input validation and file type restrictions at the application layer. Within 30 days: Complete migration away from affected BacklinkSpeed 2.4 instances or apply vendor patch once released; conduct forensic analysis on all systems to detect compromise indicators.

CVE-2020-36997

CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-01-29 disclosure@vulncheck.com

Buffer Overflow

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Jan 29, 2026 - 16:31 vuln.today

Public exploit code

CVE Published

Jan 29, 2026 - 15:16 nvd

CRITICAL 9.8

DescriptionCVE.org

BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application.

AnalysisAI

Buffer overflow in BacklinkSpeed 2.4 allows code execution via SEH chain corruption through malicious input. PoC available.

Technical ContextAI

CWE-121 stack overflow corrupting SEH chain.

Affected ProductsAI

BacklinkSpeed 2.4

RemediationAI

Update or discontinue use.

CVE-2020-36997 vulnerability details – vuln.today

Back

CVE-2020-36997

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code