{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T09:57:06.802","vulnerabilities":[{"cve":{"id":"CVE-2020-5757","sourceIdentifier":"vulnreport@tenable.com","published":"2020-07-17T21:15:13.700","lastModified":"2024-11-21T05:34:32.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's \"New\" HTTPS API."},{"lang":"es","value":"Grandstream serie UCM6200 versiones de firmware 1.0.20.23 y posterior, es vulnerable a una inyección de comandos del Sistema Operativo por medio de HTTP. Un atacante autenticado remoto puede omitir las mitigaciones de inyección de comandos y ejecutar comandos como usuario root mediante el envío de un HTTP POST diseñado hacia la API HTTPS \"New\" de UCM"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20.23","matchCriteriaId":"685CBD60-7C46-4DF8-A25C-8003D02B0175"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*","matchCriteriaId":"9864BD0F-BE9C-4F72-AB57-77036699029B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20.23","matchCriteriaId":"6A180364-ABDF-49EE-80CB-31DA799DDA1C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*","matchCriteriaId":"B5A26ABB-8BED-4E61-91AA-ABF1B90CBD81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20.23","matchCriteriaId":"50793718-3D0C-449C-940E-3157259B9F06"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*","matchCriteriaId":"EA744718-8862-4579-B9CF-E1E8137A02E6"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2020-42","source":"vulnreport@tenable.com","tags":["Not Applicable"]},{"url":"https://www.tenable.com/cve/CVE-2020-5757","source":"nvd@nist.gov","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2020-42","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]}]}}]}