Security News > 2020 > April > Botnet Targets Critical Vulnerability in Grandstream Appliance
2020-04-10 10:51
The Hoaxcalls botnet is actively targeting a recently patched SQL injection vulnerability in Grandstream UCM6200 series devices, security researchers warn.
Tracked as CVE-2020-5722 and rated critical severity, the vulnerability exists in the HTTP interface of the impacted IP PBX appliance.
For more than a week, the Hoaxcalls botnet has been targeting the vulnerability to ensnare affcted devices and abuse them for distributed denial of service attacks.
The botnet is also targeting Draytek Vigor routers to infect them via another critical vulnerability, Palo Alto Networks security researchers warn.
Hoaxcalls propagates itself by targeting vulnerabilities in the Grandstream and DrayTek devices.
News URL
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-5722 | SQL Injection vulnerability in Grandstream Ucm6200 Firmware The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. | 9.8 |