Description

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-06 | Updated 2026-02-17 | Assigner VulnCheck




CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Problem types

Use of Hard-coded Credentials

Product status

4.7: affected

Credits

indoushka (finder)

References

www.exploit-db.com/exploits/48114 (ExploitDB-48114) exploit

www.vulncheck.com/advisories/amss-backdoor-admin-account (VulnCheck Advisory: AMSS++ 4.7 - Backdoor Admin Account) third-party-advisory

cve.org (CVE-2020-37135)

nvd.nist.gov (CVE-2020-37135)
