Vulnerabilities (CVE)

Filtered by vendor Grandstream Subscribe

Filtered by product Ucm6202 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-5758	1 Grandstream	6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more	2020-07-23	9.0 HIGH	8.8 HIGH
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
CVE-2020-5726	1 Grandstream	6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more	2020-03-31	5.0 MEDIUM	7.5 HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
CVE-2020-5724	1 Grandstream	6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more	2020-03-30	5.0 MEDIUM	7.5 HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.