CVE-2020-37104

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/iNextrix/ASTPP Product
https://www.astppbilling.org/ Product
https://www.exploit-db.com/exploits/47900 Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/astpp-voip-billing-database-backup-download Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:inextrix:astpp:4.0.1:*:*:*:*:*:*:*
History

20 Feb 2026, 20:20

Type Values Removed Values Added
CPE cpe:2.3:a:inextrix:astpp:4.0.1:*:*:*:*:*:*:*
Summary
  • (es) ASTPP 4.0.1 contiene una vulnerabilidad de revelación de información que permite a atacantes no autenticados descargar archivos de copia de seguridad de la base de datos prediciendo patrones de nombres de archivo de copia de seguridad. Los atacantes pueden generar una lista de combinaciones de PIN de 6 dígitos y fuzzear la URL de descarga de la copia de seguridad para exfiltrar información sensible de la base de datos del directorio /database_backup/.
First Time Inextrix astpp
Inextrix
References () https://github.com/iNextrix/ASTPP - () https://github.com/iNextrix/ASTPP - Product
References () https://www.astppbilling.org/ - () https://www.astppbilling.org/ - Product
References () https://www.exploit-db.com/exploits/47900 - () https://www.exploit-db.com/exploits/47900 - Exploit, Third Party Advisory, VDB Entry
References () https://www.vulncheck.com/advisories/astpp-voip-billing-database-backup-download - () https://www.vulncheck.com/advisories/astpp-voip-billing-database-backup-download - Third Party Advisory

11 Feb 2026, 21:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-11 21:16

Updated : 2026-02-20 20:20

NVD link : CVE-2020-37104

Mitre link : CVE-2020-37104

CVE.ORG link : CVE-2020-37104

JSON object : View

Products Affected

inextrix

  • astpp
CWE
CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory