Vulnerabilities > Grandstream > Ucm6208 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-17 | CVE-2020-5759 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. | 10.0 |
| 2020-07-17 | CVE-2020-5758 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 9.0 |
| 2020-07-17 | CVE-2020-5757 | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 10.0 |
| 2020-03-30 | CVE-2020-5726 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. | 5.0 |
| 2020-03-30 | CVE-2020-5725 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 4.3 |
| 2020-03-30 | CVE-2020-5724 | SQL Injection vulnerability in Grandstream products The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. | 5.0 |
| 2020-03-30 | CVE-2020-5723 | Cleartext Storage of Sensitive Information vulnerability in Grandstream products The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. | 5.0 |