OS Command Injection Vulnerability in Grandstream UCM6200 Series Firmware Version 1.0.20.23 and Below via HTTP

OS Command Injection Vulnerability in Grandstream UCM6200 Series Firmware Version 1.0.20.23 and Below via HTTP

CVE-2020-5758 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

Learn more about our Api Penetration Testing.