HomeCVE-2020-37153

CVE-2020-37153

HIGH
7.7CVSS
Published: 2026-02-11
Updated: 2026-02-12
AI Analysis

Description

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

CVSS Metrics

Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
network
Complexity
high
Privileges
none
User Action
passive
Confidentiality
undefined
Integrity
undefined
Availability
undefined
Weaknesses
CWE-79

Metadata

Primary Vendor
UNKNOWN
Published
2/11/2026
Last Modified
2/12/2026
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

No affected products information available.

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2020-37153 | HIGH Severity | CVEDatabase.com | CVEDatabase.com