← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-5722 — Actively Exploited: UCM6200 (Grandstream)

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.

CVE IDCVE-2020-5722
VendorGrandstream
ProductUCM6200
Vulnerability nameGrandstream Networks UCM6200 Series SQL Injection Vulnerability
Date added2022-01-28
Remediation due2022-07-28
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionGrandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →