Lucene search
+L

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:41 p.m.12 views

CVE-2020-5726

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords...

7.5CVSS8AI score0.04226EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.13 views

CVE-2020-5757

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...

10CVSS7.9AI score0.06926EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.14 views

CVE-2020-5724

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords...

7.5CVSS8AI score0.11875EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.14 views

CVE-2020-5723

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges...

9.8CVSS7AI score0.05704EPSS
Exploits3References1
exploitpack
exploitpack
added 2020/03/31 12:0 a.m.275 views

Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection

Grandstream UCM6200 Series WebSocket 1.0.20.20 - userpassword SQL Injection Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...

0.2AI score0.01709EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/03/31 12:0 a.m.213 views

Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection

Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware Version: 1.0.20.20 and below...

5.9CVSS7AI score0.01709EPSS
Exploits5
CNVD
CNVD
added 2020/03/31 12:0 a.m.10 views

Grandstream UCM6200 SQL Injection Vulnerability

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. A SQL injection vulnerability exists in the Grandstream UCM6200 series prior to version 1.0.20.22. The vulnerability stems from a database-based application that lacks validation of externally...

5.9CVSS8.1AI score0.01709EPSS
Exploits5
OSV
OSV
added 2020/03/30 8:15 p.m.6 views

CVE-2020-5723

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges...

9.8CVSS7.3AI score0.05704EPSS
Exploits3References1
CVE
CVE
added 2020/03/30 7:3 p.m.104 views

CVE-2020-5725

CVE-2020-5725 affects Grandstream UCM6200 series prior to version 1.0.20.22. The vulnerability is an SQL injection in the HTTP server’s websockify endpoint that allows a remote, unauthenticated attacker to trigger a login action with a crafted username and, via timing attacks, disclose user passw...

5.9CVSS6.2AI score0.01709EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2020/03/30 7:3 p.m.115 views

CVE-2020-5723

CVE-2020-5723 affects Grandstream UCM62xx/UCM6200 series (firmware 1.0.20.22 and earlier). Root cause: unencrypted user passwords stored in an SQLite database, enabling an attacker to retrieve passwords and potentially gain elevated privileges. Connected documents also reference related CVE-2020-...

9.8CVSS9.5AI score0.05704EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2020/03/23 7:31 p.m.59 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10AI score0.83926EPSS
Exploits8References3
Rows per page
Query Builder