Vulnerability Details CVE-2019-10662
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.106
EPSS Ranking 92.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2019-10662
-
cpe:2.3:h:grandstream:ucm6204:-
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.10.44
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.11.27
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.12.19
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.13.14
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.14.24
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.15.16
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.16.20
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.17.16
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.18.13
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.2.97
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.9.97