HIGH🇬🇧 English

CVE-2020-5724

CVSS 7.5v3.1pub. 2020-03-30upd. 2024-11-21

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Grandstream Ucm6202

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6202 Firmware

    OS
    Grandstream
    < 1.0.20.22
  • Grandstream Ucm6204

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6204 Firmware

    OS
    Grandstream
    < 1.0.20.22
  • Grandstream Ucm6208

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6208 Firmware

    OS
    Grandstream
    < 1.0.20.22
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLiAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-5757CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...

CVE-2020-5759CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....

CVE-2020-5723CRITICAL9.8ten sam produkt

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could all...

CVE-2020-5758HIGH8.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...

CVE-2020-5726HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...