CVE-2020-37159

Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://en.softonic.com/author/pxcompany
https://www.exploit-db.com/exploits/48087
https://www.vulncheck.com/advisories/cuckoo-clock-buffer-overflow

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Parallaxis Cuckoo Clock 5.0 contiene una vulnerabilidad de desbordamiento de búfer que permite a los atacantes ejecutar código arbitrario sobrescribiendo registros de memoria en la función de programación de alarmas. Los atacantes pueden crear una carga útil maliciosa que exceda los 260 bytes para sobrescribir EIP y EBP, lo que permite la ejecución de shellcode con potencial ejecución remota de código.

07 Feb 2026, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-07 00:15

Updated : 2026-04-15 00:35

NVD link : CVE-2020-37159

Mitre link : CVE-2020-37159

CVE.ORG link : CVE-2020-37159

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2020-37159", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-07T00:15:55.923", "references": [{"url": "https://en.softonic.com/author/pxcompany", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48087", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/cuckoo-clock-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution."}, {"lang": "es", "value": "Parallaxis Cuckoo Clock 5.0 contiene una vulnerabilidad de desbordamiento de b\u00fafer que permite a los atacantes ejecutar c\u00f3digo arbitrario sobrescribiendo registros de memoria en la funci\u00f3n de programaci\u00f3n de alarmas. Los atacantes pueden crear una carga \u00fatil maliciosa que exceda los 260 bytes para sobrescribir EIP y EBP, lo que permite la ejecuci\u00f3n de shellcode con potencial ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}