Description
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
References
- Not Applicable
- Third Party Advisory
- Not Applicable
Vulnerable configurations
Configuration 1: version up to 1.0.20.23 (inclusive)
Both of the following:
cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*
Configuration 2: version up to 1.0.20.23 (inclusive)
Both of the following:
cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*
Configuration 3: version up to 1.0.20.23 (inclusive)
Both of the following:
cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*
EPSS
Score: 0.18523
Percentile: 95%
Rating: Medium
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-78
Related vulnerabilities
github
more than 3 years ago