What is the CVSS score of CVE-2020-37129?

CVE-2020-37129 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2020-37129?

Yes, a public proof-of-concept exploit is available for CVE-2020-37129. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37129?

Within 24 hours: Identify all systems running Memu Play 7.1.3 and restrict access to administrative users only; disable Memu Play if non-essential. Within 7 days: Uninstall Memu Play 7.1.3 from all endpoints and migrate workloads to alternative emulation platforms; document all affected systems and data processed. Within 30 days: Conduct forensic audit of systems that ran vulnerable versions to detect unauthorized modifications or lateral movement; implement application whitelisting to prevent execution of modified service files.

CVE-2020-37129

CRITICAL

Incorrect Default Permissions (CWE-276)

2026-02-05 disclosure@vulncheck.com

Privilege Escalation

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 05, 2026 - 20:47 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 17:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.

AnalysisAI

Insecure folder permissions in MEmu Play 7.1.3 Android emulator allow low-privileged users to modify application binaries, enabling privilege escalation to SYSTEM. PoC available.

Technical ContextAI

CWE-276 incorrect default permissions. MEmu Play installation directory grants write access to low-privileged users, who can replace binaries that run as SYSTEM.

Affected ProductsAI

MEmu Play 7.1.3

RemediationAI

Update MEmu Play. Restrict installation directory permissions to administrators only.

CVE-2020-37129 vulnerability details – vuln.today

Back

CVE-2020-37129

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code