Backup Key Recovery
by Nsauditor
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-37194 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash. | |
| CVE-2020-37185 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. | |
| CVE-2021-47813 | Hig | 0.49 | 7.5 | 0.00 | Jan 16, 2026 | Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and potential crash. | |
| CVE-2019-25599 | Med | 0.40 | 6.2 | 0.00 | Mar 22, 2026 | Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form. |
- risk 0.49cvss 7.5epss 0.00
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash.
- risk 0.49cvss 7.5epss 0.00
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
- risk 0.49cvss 7.5epss 0.00
Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and potential crash.
- risk 0.40cvss 6.2epss 0.00
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.