4 matches found
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
Exploit Title: Grandstream UCM6200 Series CTI Interface - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware Version: 1.0.20.20 and below Teste...
Grandstream UCM6200 Series CTI Interface - user_password SQL Injection
Grandstream UCM6200 Series CTI Interface - userpassword SQL Injection Exploit Title: Grandstream UCM6200 Series CTI Interface - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
Grandstream UCM6200 Series CTI Interface - (user_password) SQL Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: Grandstream UCM6200 Series CTI Interface - 'userpassword' SQL Injection Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...
CVE-2020-5726
CVE-2020-5726 affects the Grandstream UCM6200 series prior to 1.0.20.22. A SQL injection via the CTI server on port 8888 allows a remote, unauthenticated attacker to disclose user passwords by crafting a username. Remedy: upgrade to version 1.0.20.22 or later.