What is the CVSS score of CVE-2020-37135?

CVE-2020-37135 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2020-37135?

Yes, a public proof-of-concept exploit is available for CVE-2020-37135. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37135?

Within 24 hours: Identify all AMSS++ 4.7 instances in your environment and isolate them from production networks if possible; change all default credentials immediately and audit recent admin account activity for breach indicators. Within 7 days: Implement network access controls to restrict administrative interfaces to authorized IP ranges only; deploy enhanced monitoring on admin accounts for suspicious activities. Within 30 days: Upgrade to a patched version of AMSS++ when available or replace the software entirely if no patch timeline is provided by the vendor.

CVE-2020-37135

HIGH

Use of Hard-coded Credentials (CWE-798)

2026-02-07 disclosure@vulncheck.com

Authentication Bypass

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 09, 2026 - 16:08 vuln.today

Public exploit code

CVE Published

Feb 07, 2026 - 00:15 nvd

HIGH 7.5

DescriptionCVE.org

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

AnalysisAI

Technical ContextAI

Classified as CWE-798 (Use of Hard-coded Credentials). AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

Affected ProductsAI

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attack

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-37135 vulnerability details – vuln.today

Back

CVE-2020-37135

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code