The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NGrandstream Ucm6202
HWGrandstreamwszystkie wersjeGrandstream Ucm6202 Firmware
OSGrandstream< 1.0.20.22Grandstream Ucm6204
HWGrandstreamwszystkie wersjeGrandstream Ucm6204 Firmware
OSGrandstream< 1.0.20.22Grandstream Ucm6208
HWGrandstreamwszystkie wersjeGrandstream Ucm6208 Firmware
OSGrandstream< 1.0.20.22
Related vulnerabilities
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could all...
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...