CVE-2020-37153

ASTPP VoIP 4.0.1 - Remote Code Execution

CVSS 7.7 HIGHEPSS 4.4%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.7EPSS 4.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

ASTPP · ASTPP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/iNextrix/ASTPP https://www.astppbilling.org/https://www.exploit-db.com/exploits/47889 https://www.vulncheck.com/advisories/astpp-voip-remote-code-execution