VYPR

Astpp

by Astpp

CVEs (3)

  • CVE-2020-37153Feb 11, 2026
    risk 0.00cvss epss 0.04

    ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute…

  • CVE-2020-37104Feb 11, 2026
    risk 0.00cvss epss 0.01

    ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate…

  • CVE-2019-15075Mar 20, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.