Vulnerabilities
Vulnerable Software
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
CVSS Score: 9.8
EPSS Score: 0.185
Published: 2020-07-17

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
CVSS Score: 8.8
EPSS Score: 0.06
Published: 2020-07-17

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
CVSS Score: 9.8
EPSS Score: 0.081
Published: 2020-07-17

