CVE-2020-5723

Summary

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

Affected Software

VendorProductVersion RangeStatus
n/aGrandstream UCM6200 series1.0.20.20 and belowaffected

Weaknesses

  • CWE-312: Cleartext Password Storage (CWE-312)

ADP Enrichment

CVE Program Container

Additional References

References