CVE-2020-5722 - Grandstream Networks UCM6200 Series SQL Injection Vulnerability
Project:Grandstream
Product:UCM6200
Date Added:2022-01-28Due Date:2022-07-28
Vulnerability Name
Grandstream Networks UCM6200 Series SQL Injection Vulnerability
Description
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5722