1. Home
  2. CVE Database
  3. CVE-2020-5758
HIGH · 8.8

CVE-2020-5758

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a craf...

Vulnerability Description

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GrandstreamUcm6202 Firmware<= 1.0.20.23
GrandstreamUcm6202-
GrandstreamUcm6204 Firmware<= 1.0.20.23
GrandstreamUcm6204-
GrandstreamUcm6208 Firmware<= 1.0.20.23
GrandstreamUcm6208-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2020-5758?

CVE-2020-5758 is a vulnerability with a CVSS score of 8.8 (HIGH). Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a craf...

How severe is CVE-2020-5758?

CVE-2020-5758 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5758?

Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ucm6202 Firmware, Grandstream Ucm6202, Grandstream Ucm6204 Firmware, Grandstream Ucm6204, Grandstream Ucm6208 Firmware.