Vulnerabilities > Grandstream > Ucm6202 Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-17 | CVE-2020-5758 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 8.8 |
2020-03-30 | CVE-2020-5726 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. | 7.5 |
2020-03-30 | CVE-2020-5724 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 7.5 |