Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grandstream UCM Series IP PBX HTTP Parameter Injection
Vulnerability Description
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
参数分隔符转义处理不恰当
Vulnerability Title
Grandstream UCM Series IP PBX 安全漏洞
Vulnerability Description
Grandstream UCM Series是美国潮流网络(Grandstream)公司的一系列 IP PBX 设备。 Grandstream UCM Series IP PBX 1.0.20.52之前固件版本存在安全漏洞,该漏洞源于允许经过身份验证的远程攻击者通过发送精心设计的 HTTP 请求来执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A