
cpe:2.3:a:n/a:grandstream_ucm6200_series:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Grandstream Ucm6200 Series (8b28be07-b176-5711-a6f9-6144d08061b1)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2020-5759 vulnerable 2026-06-08 05:26:43.676265 Details available
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Published: 2020-07-17T20:35:51.000Z
Updated: 2024-08-04T08:39:25.757Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5758 vulnerable 2026-06-08 05:26:43.675567 Details available
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Published: 2020-07-17T20:35:47.000Z
Updated: 2024-08-04T08:39:25.723Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5757 vulnerable 2026-06-08 05:26:43.674896 Details available
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
Published: 2020-07-17T20:35:44.000Z
Updated: 2024-08-04T08:39:25.872Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5726 vulnerable 2026-06-08 05:26:43.580804 Details available
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Published: 2020-03-30T19:03:52.000Z
Updated: 2024-08-04T08:39:25.691Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5725 vulnerable 2026-06-08 05:26:43.580358 Details available
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
Published: 2020-03-30T19:03:44.000Z
Updated: 2024-08-04T08:39:25.770Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5724 vulnerable 2026-06-08 05:26:43.579867 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5723 vulnerable 2026-06-08 05:26:43.574185 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-5722 vulnerable 2026-06-08 05:26:43.571971 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
