Grandstream Ucm6202 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Grandstream Ucm6202 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-5757 — CVSS 9.8 (critical): Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote…
CVE-2020-5759 — CVSS 9.8 (critical): Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote…
CVE-2020-5723 — CVSS 9.8 (critical): The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve…
CVE-2020-5758 — CVSS 8.8 (high): Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote…
CVE-2020-5726 — CVSS 7.5 (high): The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated…
CVE-2020-5724 — CVSS 7.5 (high): The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote…
CVE-2020-5725 — CVSS 5.9 (medium): The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote…