CRITICAL🇵🇱 Wersja polska

CVE-2020-5757

CVSS 9.8v3.1pub. 2020-07-17upd. 2024-11-21

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Grandstream Ucm6202

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6202 Firmware

    OS
    Grandstream
    ≤ 1.0.20.23
  • Grandstream Ucm6204

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6204 Firmware

    OS
    Grandstream
    ≤ 1.0.20.23
  • Grandstream Ucm6208

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6208 Firmware

    OS
    Grandstream
    ≤ 1.0.20.23
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-5759CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....

CVE-2020-5723CRITICAL9.8ten sam produkt

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could all...

CVE-2020-5758HIGH8.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...

CVE-2020-5726HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...

CVE-2020-5724HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websoc...