Vulnerabilities > Grandstream > Ucm6202 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-5726 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. | 5.0 |
| 2020-03-30 | CVE-2020-5725 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 4.3 |
| 2020-03-30 | CVE-2020-5724 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 5.0 |
| 2020-03-30 | CVE-2020-5723 | Cleartext Storage of Sensitive Information vulnerability in Grandstream products The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. | 5.0 |