← Voltar para CVEs
CVE-2020-37153
CRITICAL9.8
Descricao
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/11/2026
Ultima modificacao2/20/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
inextrix:astpp
Fraquezas (CWE)
CWE-79
Referencias
https://github.com/iNextrix/ASTPP(disclosure@vulncheck.com)
https://www.astppbilling.org/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/47889(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/astpp-voip-remote-code-execution(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.