Vulnerabilities > Grandstream > Ucm6204 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-17 CVE-2020-5757 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network
low complexity
grandstream CWE-78
critical
9.8
2020-07-17 CVE-2020-5759 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH.
network
low complexity
grandstream CWE-78
critical
9.8
2020-03-30 CVE-2020-5723 Cleartext Storage of Sensitive Information vulnerability in Grandstream products
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database.
network
low complexity
grandstream CWE-312
critical
9.8