CVE-2020-5757: OS Command Injection
First published: Fri Jul 17 2020(Updated: )
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grandstream Ucm6202 Firmware | <=1.0.20.23 | |
| Grandstream Ucm6202 | ||
| Grandstream Ucm6204 Firmware | <=1.0.20.23 | |
| Grandstream UCM6204 | ||
| Grandstream Ucm6208 Firmware | <=1.0.20.23 | |
| Grandstream Ucm6208 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5757?
CVE-2020-5757 is a vulnerability in the Grandstream UCM6200 series firmware that allows an authenticated remote attacker to execute commands as the root user.
What is the severity of CVE-2020-5757?
CVE-2020-5757 has a severity rating of 9.8, which is considered critical.
How does CVE-2020-5757 work?
CVE-2020-5757 exploits an OS command injection vulnerability via HTTP in the Grandstream UCM6200 series firmware.
Which versions of Grandstream UCM6200 firmware are affected?
Grandstream UCM6200 firmware version 1.0.20.23 and below are affected by CVE-2020-5757.
Is the Grandstream UCM6202 affected by CVE-2020-5757?
Yes, the Grandstream UCM6202 firmware version 1.0.20.23 and below are vulnerable to CVE-2020-5757.
- collector/nvd-index
- vendor/grandstream
- product/ucm6202 firmware
- canonical/grandstream ucm6202 firmware
- product/ucm6202
- canonical/grandstream ucm6202
- product/ucm6204 firmware
- canonical/grandstream ucm6204 firmware
- product/ucm6204
- canonical/grandstream ucm6204
- product/ucm6208 firmware
- canonical/grandstream ucm6208 firmware
- product/ucm6208
- canonical/grandstream ucm6208