Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
13055.7%HIGH

Related CVEs

3
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2020-37153ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.HIGH7.790.2%Feb 11, 2026
CVE-2020-37104ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.HIGH8.742.6%Feb 11, 2026
CVE-2019-15075An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.HIGH7.534.3%Mar 20, 2020