CVE-2020-5723

CRITICAL

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-5723. PoCs published by jbaines-r7, including Metasploit module auxiliary/gather/grandstream_ucm62xx_sql_account_guess.

AI-analyzed exploit summary: This Metasploit module exploits a blind SQL injection (CVE-2020-5724) in Grandstream UCM62xx IP PBX via WebSocket to dump credentials, leveraging cleartext password storage (CVE-2020-5723). It automates credential extraction using boolean-based blind SQLi techniques.

Description

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

Exploits (1)

metasploit WORKING POC
by jbaines-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess.rb

Classification: Working PoC 100%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Grandstream UCM62xx IP PBX (versions < 1.0.20.22)
No auth needed
Prerequisites: Network access to target's WebSocket endpoint (port 8089/SSL) · Vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/research/tra-2020-17

Scores

CVSS v3: 9.8
EPSS: 0.0570
EPSS Percentile: 92.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-312
Status: published
Products (3):
grandstream/ucm6202_firmware < 1.0.20.22
grandstream/ucm6204_firmware < 1.0.20.22
grandstream/ucm6208_firmware < 1.0.20.22
Published: Mar 30, 2020
Tracked Since: Feb 18, 2026