Grandstream Ucm6200 Series
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:grandstream_ucm6200_series:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Grandstream Ucm6200 Series (8b28be07-b176-5711-a6f9-6144d08061b1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-5759 |
vulnerable | 2026-06-08 05:26:43.676265 |
Details available
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Published: 2020-07-17T20:35:51.000Z
Updated: 2024-08-04T08:39:25.757Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5758 |
vulnerable | 2026-06-08 05:26:43.675567 |
Details available
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Published: 2020-07-17T20:35:47.000Z
Updated: 2024-08-04T08:39:25.723Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5757 |
vulnerable | 2026-06-08 05:26:43.674896 |
Details available
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
Published: 2020-07-17T20:35:44.000Z
Updated: 2024-08-04T08:39:25.872Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5726 |
vulnerable | 2026-06-08 05:26:43.580804 |
Details available
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Published: 2020-03-30T19:03:52.000Z
Updated: 2024-08-04T08:39:25.691Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5725 |
vulnerable | 2026-06-08 05:26:43.580358 |
Details available
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
Published: 2020-03-30T19:03:44.000Z
Updated: 2024-08-04T08:39:25.770Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5724 |
vulnerable | 2026-06-08 05:26:43.579867 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5723 |
vulnerable | 2026-06-08 05:26:43.574185 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5722 |
vulnerable | 2026-06-08 05:26:43.571971 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.