CRITICAL🇵🇱 Wersja polska

CVE-2020-5723

CVSS 9.8v3.1pub. 2020-03-30upd. 2024-11-21

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Grandstream Ucm6202

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6202 Firmware

    OS
    Grandstream
    < 1.0.20.22
  • Grandstream Ucm6204

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6204 Firmware

    OS
    Grandstream
    < 1.0.20.22
  • Grandstream Ucm6208

    HW
    Grandstream
    wszystkie wersje
  • Grandstream Ucm6208 Firmware

    OS
    Grandstream
    < 1.0.20.22
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-5757CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...

CVE-2020-5759CRITICAL9.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH....

CVE-2020-5758HIGH8.8ten sam produkt

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...

CVE-2020-5726HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...

CVE-2020-5724HIGH7.5ten sam produkt

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websoc...