Lucene search
GrandstreamUcm6204 Firmware
3 matches found
CVE-2020-5723
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
9.8CVSS9.5AI score0.50757EPSS
CVE-2019-10662
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
9CVSS9.2AI score0.10164EPSS
CVE-2020-5758
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
9CVSS8.9AI score0.05192EPSS