VYPR
Unrated severityNVD Advisory· Published Feb 11, 2026· Updated Mar 5, 2026

ASTPP 4.0.1 VoIP Billing - Database Backup Download

CVE-2020-37104

Description

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Astpp/Astppllm-fuzzy2 versions
    = 4.0.1+ 1 more
    • (no CPE)range: = 4.0.1
    • (no CPE)range: 4.0.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.