The Grandstream UCM6200 series prior to 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grandstream ucm6202_firmware |
||
grandstream ucm6204_firmware |
||
grandstream ucm6208_firmware |