CVE-2020-5722
In short
The Grandstream UCM6200 phone system has a SQL injection flaw that can be reached without authentication. It allows attackers to send specially crafted requests and run commands with full system privileges, or inject malicious content into password recovery emails.
Technical detail
Unauthenticated remote SQL injection via HTTP interface enables arbitrary command execution as root (CWE-89). Attack vector requires crafted HTTP requests; no authentication bypass needed. Impact includes complete system compromise in affected versions (< 1.0.19.20) or email content manipulation (< 1.0.20.17).
Summary generated and translated by AI from the official description.
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Grandstream UCM6200 Series
public PoCs found — 3
cve_reference · packetstormsecurity.com/files/156876/UCM6202-1.0.18.13-Remote-Command-Injection.html · unverified
cve_reference · packetstormsecurity.com/files/165708/Grandstream-UCM62xx-IP-PBX-sendPasswordEmail-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/48247 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/156876/UCM6202-1.0.18.13-Remote-Command-Injection.html
http://packetstormsecurity.com/files/165708/Grandstream-UCM62xx-IP-PBX-sendPasswordEmail-Remote-Code-Execution.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5722
https://www.tenable.com/security/research/tra-2020-15