Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grandstream ucm6202_firmware |
||
grandstream ucm6204_firmware |
||
grandstream ucm6208_firmware |