← back
CVE-2020-5724

CVE-2020-5724

EPSS 11.9%CWE-89
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 11.9%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
30 Mar 2020Metasploit module available
30 Mar 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
Affected products
n/a · Grandstream UCM6200 series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.tenable.com/security/research/tra-2020-17