Unrated severityCISA KEVNVD Advisory· Published Mar 23, 2020· Updated Oct 21, 2025

CVE-2020-5722

Description

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.

Affected products

N/A/Grandstream Ucm6200 Seriesv5
Range: Before 1.0.20.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/156876/UCM6202-1.0.18.13-Remote-Command-Injection.htmlmitrex_refsource_MISC
packetstormsecurity.com/files/165708/Grandstream-UCM62xx-IP-PBX-sendPasswordEmail-Remote-Code-Execution.htmlmitrex_refsource_MISC
www.tenable.com/security/research/tra-2020-15mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.074
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000