HIGH🇬🇧 English

CVE-2020-5758

CVSS 8.8v3.1pub. 2020-07-17upd. 2024-11-21

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Grandstream Ucm6202

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6202 Firmware

    OS
    Grandstream
    ≤ 1.0.20.23
  • Grandstream Ucm6204

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6204 Firmware

    OS
    Grandstream
    ≤ 1.0.20.23
  • Grandstream Ucm6208

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6208 Firmware

    OS
    Grandstream
    ≤ 1.0.20.23
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2020-5757CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...

CVE-2020-5759CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....

CVE-2020-5723CRITICAL9.8ten sam produkt

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could all...

CVE-2020-5726HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...

CVE-2020-5724HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websoc...