CVE-2020-5722 — Grandstream Networks UCM6200 Series SQL Injection Vulnerability
2022-01-28 • CISA Known Exploited Vulnerability
[event] The Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. Exploitation can allow for code execution as root.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Grandstream |
| Product | UCM6200 |
| CWE | CWE-89 |
| CVE ID | CVE-2020-5722 |
| Date Added | 2022-01-28 |
| Due Date | 2022-07-28 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-07-28