Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HGrandstream Ucm6202
HWGrandstreamwszystkie wersjeGrandstream Ucm6202 Firmware
OSGrandstream≤ 1.0.20.23Grandstream Ucm6204
HWGrandstreamwszystkie wersjeGrandstream Ucm6204 Firmware
OSGrandstream≤ 1.0.20.23Grandstream Ucm6208
HWGrandstreamwszystkie wersjeGrandstream Ucm6208 Firmware
OSGrandstream≤ 1.0.20.23
Powiązane podatności
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could all...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websoc...