What is the CVSS score of CVE-2020-37120?

CVE-2020-37120 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Is there a public PoC exploit available for CVE-2020-37120?

Yes, a public proof-of-concept exploit is available for CVE-2020-37120. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2020-37120?

Within 24 hours: inventory all Rubo DICOM Viewer 2.0 installations and isolate affected systems from network access or restrict to trusted internal networks only. Within 7 days: implement network segmentation to limit DICOM server access, disable the DICOM server input field if operationally feasible, or restrict user input length via WAF/proxy rules. Within 30 days: evaluate migration to patched versions or alternative DICOM viewers, and monitor vendor communications for patch availability.

CVE-2020-37120

CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-02-05 disclosure@vulncheck.com

RCE Buffer Overflow

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 05, 2026 - 20:47 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 17:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.

AnalysisAI

Buffer overflow in Rubo DICOM Viewer 2.0 through the DICOM server name input field allows attackers to execute arbitrary code. PoC available.

Technical ContextAI

CWE-121 stack overflow triggered by oversized DICOM server name input. Medical imaging software vulnerability.

Affected ProductsAI

Rubo DICOM Viewer 2.0

RemediationAI

Update to a patched version of the DICOM viewer. Use network segmentation for medical imaging workstations.

CVE-2020-37120 vulnerability details – vuln.today

Back

CVE-2020-37120

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code