CVE-2020-37153 HIGH

CVE-2020-37153: ASTPP VoIP 4.0.1 - Remote Code Execution

Vendor Astpp
Product ASTPP
Weakness CWE-79 · XSS
Published February 11, 2026
Last update March 5, 2026

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Passive
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

Key dates

02 Disclosure timeline

February 11, 2026 CVE published
March 5, 2026 Record updated