The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-03-30T19:03:52

Updated: 2024-08-04T08:39:25.691Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5726

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-30T20:15:20.180

Modified: 2024-11-21T05:34:29.507

Link: CVE-2020-5726

cve-icon Redhat

No data.