What is the severity of CVE-2020-5758?

The severity of CVE-2020-5758 is critical with a CVSS score of 8.8.

How does CVE-2020-5758 affect Grandstream UCM6200 series firmware?

CVE-2020-5758 allows an authenticated remote attacker to execute OS commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

Which versions of Grandstream UCM6200 series firmware are affected by CVE-2020-5758?

Grandstream UCM6200 series firmware version 1.0.20.23 and below are affected by CVE-2020-5758.

How can an attacker exploit CVE-2020-5758?

An attacker can exploit CVE-2020-5758 by sending a specially crafted HTTP GET request to the UCM's "Old" HTTPS API.

Is Grandstream UCM6202 firmware version 1.0.20.23 vulnerable to CVE-2020-5758?

Yes, Grandstream UCM6202 firmware version 1.0.20.23 is vulnerable to CVE-2020-5758.

Vulnerability/
CVE-2020-5758

critical

CWE

78 77

17/7/2020

23/7/2020

CVE-2020-5758: OS Command Injection

First published: Fri Jul 17 2020(Updated: )

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

Credit: vulnreport@tenable.com

Affected Software	Affected Version	How to fix
Grandstream Ucm6202 Firmware	<=1.0.20.23
Grandstream Ucm6202
Grandstream Ucm6204 Firmware	<=1.0.20.23
Grandstream UCM6204
Grandstream Ucm6208 Firmware	<=1.0.20.23
Grandstream Ucm6208

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-5758?
The severity of CVE-2020-5758 is critical with a CVSS score of 8.8.
How does CVE-2020-5758 affect Grandstream UCM6200 series firmware?
CVE-2020-5758 allows an authenticated remote attacker to execute OS commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Which versions of Grandstream UCM6200 series firmware are affected by CVE-2020-5758?
Grandstream UCM6200 series firmware version 1.0.20.23 and below are affected by CVE-2020-5758.
How can an attacker exploit CVE-2020-5758?
An attacker can exploit CVE-2020-5758 by sending a specially crafted HTTP GET request to the UCM's "Old" HTTPS API.
Is Grandstream UCM6202 firmware version 1.0.20.23 vulnerable to CVE-2020-5758?
Yes, Grandstream UCM6202 firmware version 1.0.20.23 is vulnerable to CVE-2020-5758.

collector/nvd-index
agent/severity
agent/author
agent/weakness
agent/references
agent/tags
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
vendor/grandstream
canonical/grandstream ucm6202 firmware
version/grandstream ucm6202 firmware/1.0.20.23
canonical/grandstream ucm6202
canonical/grandstream ucm6204 firmware
version/grandstream ucm6204 firmware/1.0.20.23
canonical/grandstream ucm6204
canonical/grandstream ucm6208 firmware
version/grandstream ucm6208 firmware/1.0.20.23
canonical/grandstream ucm6208

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.