CVE-2020-37153

CRITICAL WAF: High
CVSS 9.8 Published: 2026-02-11
CWE-79

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

VendorProductVersion
inextrixastpp4.0.1

References

Back to CVE Database