The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGrandstream Ucm6202
HWGrandstreamwszystkie wersjeGrandstream Ucm6202 Firmware
OSGrandstream< 1.0.20.22Grandstream Ucm6204
HWGrandstreamwszystkie wersjeGrandstream Ucm6204 Firmware
OSGrandstream< 1.0.20.22Grandstream Ucm6208
HWGrandstreamwszystkie wersjeGrandstream Ucm6208 Firmware
OSGrandstream< 1.0.20.22
Powiązane podatności
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websoc...