Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGrandstream Ucm6202
HWGrandstreamwszystkie wersjeGrandstream Ucm6202 Firmware
OSGrandstream≤ 1.0.20.23Grandstream Ucm6204
HWGrandstreamwszystkie wersjeGrandstream Ucm6204 Firmware
OSGrandstream≤ 1.0.20.23Grandstream Ucm6208
HWGrandstreamwszystkie wersjeGrandstream Ucm6208 Firmware
OSGrandstream≤ 1.0.20.23
Related vulnerabilities
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could all...
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8...
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websoc...