CVE-2020-37153 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: February 12, 2026
ASTPP - Command Injection & Stored XSS
Published: February 11, 2026 | Updated: February 12, 2026 | Remote Exploitable
Overview
ASTPP 4.0.1 contains command injection and stored XSS vulnerabilities in its SIP device configuration and plugin management interfaces. These let attackers execute arbitrary code with root permissions and hijack admin sessions. Exploitation requires access to these interfaces.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can execute arbitrary code as root and hijack administrator sessions, leading to full system compromise.
Mitigation
Update to the latest version of ASTPP.
Details
- CVE ID: CVE-2020-37153
- Severity: Critical
- CVSS Score: 9.8
- Type: command_injection
- Status: unconfirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H