CVE-2020-5759

EPSS 3.2%CWE-78

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.

Affected products

n/a · Grandstream UCM6200 Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tenable.com/security/research/tra-2020-42