Vulnerabilities > Grandstream > Ucm6208 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-07-17 CVE-2020-5759 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH.
network
low complexity
grandstream CWE-78
critical
 9.8
9.8
2020-07-17 CVE-2020-5758 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network
low complexity
grandstream CWE-78
8.8
8.8
2020-07-17 CVE-2020-5757 OS Command Injection vulnerability in Grandstream products
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.
network
low complexity
grandstream CWE-78
critical
 9.8
9.8
2020-03-30 CVE-2020-5726 SQL Injection vulnerability in Grandstream products
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888.
network
low complexity
grandstream CWE-89
7.5
7.5
2020-03-30 CVE-2020-5725 SQL Injection vulnerability in Grandstream products
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint.
network
high complexity
grandstream CWE-89
5.9
5.9
2020-03-30 CVE-2020-5724 SQL Injection vulnerability in Grandstream products
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint.
network
low complexity
grandstream CWE-89
7.5
7.5
2020-03-30 CVE-2020-5723 Cleartext Storage of Sensitive Information vulnerability in Grandstream products
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database.
network
low complexity
grandstream CWE-312
critical
 9.8
9.8