CVE-2020-37135 PUBLISHED

AMSS++ 4.7 - Backdoor Admin Account

Assigner: VulnCheck
Reserved: 03.02.2026 Published: 06.02.2026 Updated: 06.02.2026

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor Amssplus
Product AMSS++
Versions
  • Version 4.7 is affected

Credits

  • indoushka finder

References

Problem Types

  • Use of Hard-coded Credentials CWE