Vulnerabilities ›

CVE-2020-36995

High

CWE-120 — Weakness Type

                    Published: Jan 29, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.

🤖 AI Executive Summary

Mocha Telnet Lite for iOS 4.2 contains a buffer overflow vulnerability (CWE-120) that allows attackers to crash the application by injecting 350 bytes of repeated characters into the User configuration field. This denial of service vulnerability affects mobile telnet clients commonly used by system administrators in Saudi organizations for remote infrastructure management. While no public exploit exists, the vulnerability is trivial to reproduce and could disrupt critical administrative access.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 01:19

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government agencies, ARAMCO, banking sector IT administrators, and telecom operators (STC, Mobily) who rely on Mocha Telnet Lite for remote infrastructure management and legacy system access. The denial of service impact could disrupt critical administrative functions, particularly in energy sector SCADA environments and government network operations centers. Mobile-based telnet access is common in Saudi organizations for out-of-office infrastructure management, making this a direct threat to operational continuity.

🏢 Affected Saudi Sectors

Government Energy (ARAMCO) Banking Telecommunications (STC, Mobily) Healthcare Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE: Update Mocha Telnet Lite to version 4.3 or later from the Apple App Store

2. VALIDATION: Test updated version in non-production environment before deployment

3. INPUT VALIDATION: If upgrade is delayed, implement application-level input validation limiting User field to maximum 50 characters

4. MONITORING: Deploy Mobile Device Management (MDM) solutions to enforce app version compliance across iOS devices

5. DETECTION: Monitor for repeated crash logs in Mocha Telnet Lite with error codes indicating buffer overflow

6. COMPENSATING CONTROL: Restrict telnet access to VPN-only connections and implement network-level rate limiting on telnet ports (23, 992)

7. ALTERNATIVE: Consider migrating to SSH-based alternatives (Putty, iSSH) which are more secure than telnet

🔧 خطوات المعالجة (العربية)

1. فوري: قم بتحديث Mocha Telnet Lite إلى الإصدار 4.3 أو أحدث من متجر Apple App Store

2. التحقق: اختبر الإصدار المحدث في بيئة غير الإنتاج قبل النشر

3. التحقق من المدخلات: إذا تأخر التحديث، قم بتنفيذ التحقق من صحة المدخلات على مستوى التطبيق بحد أقصى 50 حرفاً لحقل المستخدم

4. المراقبة: نشر حلول إدارة الأجهزة المحمولة (MDM) لفرض امتثال إصدار التطبيق عبر أجهزة iOS

5. الكشف: راقب سجلات الأعطال المتكررة في Mocha Telnet Lite مع رموز الأخطاء التي تشير إلى تجاوز المخزن المؤقت

6. التحكم البديل: قيد وصول telnet إلى اتصالات VPN فقط وقم بتنفيذ تحديد معدل على مستوى الشبكة على منافذ telnet (23، 992)

7. بديل: فكر في الهجرة إلى بدائل قائمة على SSH (Putty، iSSH) وهي أكثر أماناً من telnet

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Secure development and change management ECC 2024 A.14.2.5 - Access control for development, test and production environments ECC 2024 A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Asset management and inventory SAMA CSF PR.IP-3 - Configuration management SAMA CSF DE.CM-8 - Vulnerability scans

🟡 ISO 27001:2022

ISO 27001:2022 A.14.2.1 - Secure development policy ISO 27001:2022 A.14.2.5 - Secure development environment ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities

🔗 References & Sources 3

🔗

https://apps.apple.com/us/app/telnet-lite/id286893976

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/48728

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/mocha-telnet-lite-for-ios-user-denial-of-service

disclosure@vulncheck.com

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-120

EPSS0.03%

Exploit No

Patch ✓ Yes

Published 2026-01-29

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-120

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2020-36995

💬 Comments

Introduce Yourself

Sign In Required