CVE-2020-5726

Summary

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

Affected Software

VendorProductVersion RangeStatus
n/aGrandstream UCM6200 series1.0.20.20 and belowaffected

Weaknesses

  • CWE-89: SQL Injection (CWE-89)

ADP Enrichment

CVE Program Container

Additional References

References