CVE-2020-5723

CRITICAL

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

Title source: metasploit

Description

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

Exploits (1)

metasploit WORKING POC
by jbaines-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess.rb

Scores

CVSS v3 9.8
EPSS 0.5179
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-312
Status published
Products (3)
grandstream/ucm6202_firmware < 1.0.20.22
grandstream/ucm6204_firmware < 1.0.20.22
grandstream/ucm6208_firmware < 1.0.20.22
Published Mar 30, 2020
Tracked Since Feb 18, 2026