3 matches found
CVE-2019-15075
CVE-2019-15075 affects iNextrix ASTPP prior to 4.0.1. The issue is in web_interface/astpp/application/config/config.php, which does not use strong random keys, as demonstrated by the use of a private key and an encryption key in the example. The connected sources corroborate the weak-key configur...
CVE-2020-37104
CVE-2020-37104 affects ASTPP 4.0.1 and describes an information disclosure where unauthenticated attackers can download database backup files by predicting 6‑digit PINs and fuzzing the backup download URL under /database_backup/. The vulnerability relates to information exposure of sensitive data...
CVE-2020-37153
CVE-2020-37153 affects ASTPP 4.0.1. The vulnerability set includes cross-site scripting and command injection in the SIP device configuration and plugin management interfaces. Attackers could inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root p...