Vulnerabilities > Grandstream > Ucm6204 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-17 | CVE-2020-5759 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. | 9.8 |
| 2020-07-17 | CVE-2020-5758 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 8.8 |
| 2020-07-17 | CVE-2020-5757 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 9.8 |
| 2020-03-30 | CVE-2020-5726 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. | 7.5 |
| 2020-03-30 | CVE-2020-5725 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 5.9 |
| 2020-03-30 | CVE-2020-5724 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 7.5 |
| 2020-03-30 | CVE-2020-5723 | Cleartext Storage of Sensitive Information vulnerability in Grandstream products The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. | 9.8 |
| 2019-03-30 | CVE-2019-10663 | SQL Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI. | 8.8 |
| 2019-03-30 | CVE-2019-10662 | OS Command Injection vulnerability in Grandstream Ucm6204 Firmware Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | 8.8 |