{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T02:10:35.194","vulnerabilities":[{"cve":{"id":"CVE-2020-5758","sourceIdentifier":"vulnreport@tenable.com","published":"2020-07-17T21:15:13.810","lastModified":"2024-11-21T05:34:33.010","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's \"Old\" HTTPS API."},{"lang":"es","value":"Grandstream serie UCM6200 versiones de firmware 1.0.20.23 y posterior, es vulnerable a una inyección de comandos del Sistema Operativo por medio de HTTP. Un atacante autenticado remoto puede ejecutar comandos como usuario root mediante el envío de un HTTP GET diseñado hacia la API HTTPS \"Old\" de UCM"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20.23","matchCriteriaId":"685CBD60-7C46-4DF8-A25C-8003D02B0175"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*","matchCriteriaId":"9864BD0F-BE9C-4F72-AB57-77036699029B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20.23","matchCriteriaId":"6A180364-ABDF-49EE-80CB-31DA799DDA1C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*","matchCriteriaId":"B5A26ABB-8BED-4E61-91AA-ABF1B90CBD81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20.23","matchCriteriaId":"50793718-3D0C-449C-940E-3157259B9F06"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*","matchCriteriaId":"EA744718-8862-4579-B9CF-E1E8137A02E6"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2020-42","source":"vulnreport@tenable.com","tags":["Broken Link","Third Party Advisory"]},{"url":"https://www.tenable.com/cve/CVE-2020-5758","source":"nvd@nist.gov","tags":["Not Applicable"]},{"url":"https://www.tenable.com/security/research/tra-2020-42","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]}]}}]}