Description
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
References
- Broken Link, Third Party Advisory
- Not Applicable
- Broken Link, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 1.0.20.23 (inclusive)
Simultaneously
cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*
Configuration 2: versions up to 1.0.20.23 (inclusive)
Simultaneously
cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*
Configuration 3: versions up to 1.0.20.23 (inclusive)
Simultaneously
cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*
EPSS: 0.05192 (Low), percentile: 90%
CVSS3: 8.8 High
CVSS2: 9 Critical
Weaknesses
CWE-78
Related vulnerabilities
github
more than 3 years ago
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
EPSS: 0.05192 (Low), percentile: 90%
CVSS3: 8.8 High
CVSS2: 9 Critical
Weaknesses
CWE-78