11 matches found
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...
Grandstream Networks UCM6200 Series SQLi (SIP)
A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...
Grandstream Networks UCM6200 Series SQLi (Web UI)
A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...
Metasploit Weekly Wrap-Up
I'm sure you know what's coming, more Log4Shell For those wondering when the Log4Shell remediation nightmare will end, I'm afraid I can't give you that. What I can give you, though, is a new Log4Shell module! With the new module from zeroSteiner you can expect to get unauthenticated RCE on the...
Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root. This module requires Metasploi...
Grandstream UCM6202 Command Injection (CVE-2020-5722)
A command injection vulnerability exists in Grandstream UCM6202. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-5722
creationtimestamp| type| source ---|---|--- 2020-04-10 16:33:40+00:00| exploited| https://t.me/truesecator/456 2020-04-13 09:10:02+00:00| exploited| https://t.me/SecLabNews/7334 2020-10-09 14:02:50+00:00| seen| MISP/3e3792b8-d224-49c1-adcb-cf1dafc6174d 2020-10-15 15:07:04+00:00| seen|...
UCM6202 1.0.18.13 - Remote Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
UCM6202 1.0.18.13 - Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
CVE-2020-5722
The Grandstream UCM6200 series (UCM62xx) is affected by CVE-2020-5722: an unauthenticated remote SQL injection via crafted HTTP requests in the HTTP interface, with potential to execute shell commands as root on versions before 1.0.19.20 and to inject HTML in password recovery emails on versions ...
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...