216.73.217.86

CVE-2020-37153

· Published 11/02/2026 21:16 · Modified 11/02/2026 21:16

Labels: CVE-2020-37153 2026-02-11CVE-2020-37153CWE-79[email protected]

Essential information

Published
11/02/2026 21:16
Modified
11/02/2026 21:16
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
astpp / astpp cpe:2.3:a:astpp:astpp:4.0.1:*:*:*:*:*:*:*

References