The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-03-30T19:03:44

Updated: 2024-08-04T08:39:25.770Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5725

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-30T20:15:20.133

Modified: 2024-11-21T05:34:29.400

Link: CVE-2020-5725

cve-icon Redhat

No data.