Vulnerabilities > Grandstream > Ucm6204 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-03-30 CVE-2019-10662 OS Command Injection vulnerability in Grandstream Ucm6204 Firmware
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI.
network
low complexity
grandstream CWE-78
8.8