Lucene search
K

54 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-26884

Malware in sbrugna...

5.9CVSS5.8AI score0.01709EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-26917

Malware in sbrugna...

9CVSS8.6AI score0.04375EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-26918

Malware in sbrugna...

10CVSS9.2AI score0.03204EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-26885

Malware in sbrugna...

7.5CVSS7.5AI score0.04226EPSS
Exploits5References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.6 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10CVSS8.3AI score0.83926EPSS
Exploits8References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 p.m.10 views

CVE-2020-5726

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords...

7.5CVSS8AI score0.04226EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.10 views

CVE-2020-5725

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords...

5.9CVSS8AI score0.01709EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.11 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

10CVSS7.9AI score0.03204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.8 views

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...

9CVSS7.9AI score0.04375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.12 views

CVE-2020-5757

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

10CVSS7.9AI score0.06926EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.12 views

CVE-2020-5724

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords...

7.5CVSS8AI score0.11875EPSS
Exploits3References1
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/28 12:0 a.m.44 views

Grandstream Networks UCM6200 Series SQL Injection Vulnerability

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...

10CVSS3AI score0.83926EPSS
In wildExploits8
CNVD
CNVD
added 2020/07/21 12:0 a.m.2 views

Grandstream UCM6200 Series OS Command Injection Vulnerability (CNVD-2020-44352)

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. This vulnerability can be exploited by an attacker to execute commands as root by...

9CVSS8AI score0.04375EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/21 12:0 a.m.4 views

Grandstream UCM6200 Series OS Command Injection Vulnerability

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. The vulnerability can be exploited to execute commands as root by issuing speciall...

10CVSS8.1AI score0.03204EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/21 12:0 a.m.2 views

Grandstream UCM6200 Series OS Command Injection Vulnerability (CNVD-2020-44351)

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An OS command injection vulnerability exists in the Grandstream UCM6200 series versions 1.0.20.23 and earlier. A remote authenticated attacker can exploit this vulnerability by sending a...

10CVSS7.9AI score0.06926EPSS
Exploits0References1
OSV
OSV
added 2020/07/17 9:15 p.m.7 views

CVE-2020-5757

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

9.8CVSS7.5AI score0.06926EPSS
Exploits0References2
OSV
OSV
added 2020/07/17 9:15 p.m.5 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

9.8CVSS5.9AI score0.03204EPSS
Exploits0References2
OSV
OSV
added 2020/07/17 9:15 p.m.6 views

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API...

8.8CVSS7.4AI score0.04375EPSS
Exploits0References2
NVD
NVD
added 2020/07/17 9:15 p.m.20 views

CVE-2020-5757

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

10CVSS0.06926EPSS
Exploits0References2
NVD
NVD
added 2020/07/17 9:15 p.m.27 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

10CVSS0.03204EPSS
Exploits0References2
Rows per page
Query Builder