Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Grandstream UCM6200 操作系统命令注入漏洞
Vulnerability Description
Grandstream UCM6200是美国潮流网络(Grandstream)公司的一套用于IP电话通信的企业级交换机。 使用1.0.20.23及之前版本固件的Grandstream UCM6200系列中存在操作系统命令注入漏洞。远程攻击者可通过发送特制的HTTP GET请求利用该漏洞以root用户身份在系统上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A