) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:grandstream:ucm6204_firmware:1.0.20.22:*:*:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-5759 |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. Published: July 17, 2020; 5:15:13 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2020-5758 |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. Published: July 17, 2020; 5:15:13 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2020-5757 |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. Published: July 17, 2020; 5:15:13 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |