5 matches found
Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection
Grandstream UCM6200 Series WebSocket 1.0.20.20 - userpassword SQL Injection Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
Grandstream UCM6200 Series WebSocket 1.0.20.20 - (user_password) SQL Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
Grandstream UCM6200 Series WebSocket 1.0.20.20 SQL Injection
Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware Version: 1.0.20.20 and below...
CVE-2020-5725
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords...
CVE-2020-5725
CVE-2020-5725 affects Grandstream UCM6200 series prior to version 1.0.20.22. The vulnerability is an SQL injection in the HTTP server’s websockify endpoint that allows a remote, unauthenticated attacker to trigger a login action with a crafted username and, via timing attacks, disclose user passw...