Grandstream UCM6204 prior to 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grandstream ucm6204_firmware |