CVE-2020-5757
N/A
N/A
Summary
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Grandstream UCM6200 Series | Versions 1.0.20.23 and below | affected |
Weaknesses
- CWE-78: CWE-78
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.