{"vulnerability": "cve-2020-5722", "sightings": [{"uuid": "40fad47d-5ae4-4019-8ce4-d354a0217c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "https://t.me/arpsyndicate/1398", "content": "#ExploitObserverAlert\n\nCVE-2020-5722\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-5722. The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.\n\nFIRST-EPSS: 0.974970000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T05:23:02.000000Z"}, {"uuid": "3216a1a6-3639-405c-bde8-c3ba3e3bc752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/25aef508-b116-4d75-84b2-b6ceff906e44", "content": "", "creation_timestamp": "2020-10-16T06:55:52.000000Z"}, {"uuid": "fbf0a349-e325-4438-9aef-8ff332ee8b49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "a408e57a-5647-4a03-88e4-ab4e87ea9e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:27.000000Z"}, {"uuid": "2a42559e-612d-470f-ba25-1dff7c743e2e", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/grandstream_ucm62xx_sendemail_rce.rb", "content": "", "creation_timestamp": "2022-01-25T03:22:53.000000Z"}, {"uuid": "68dbb066-3d9f-4182-ac6b-aea0aac4dbfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3md23iwjdvv2c", "content": "", "creation_timestamp": "2026-01-22T21:03:04.800649Z"}, {"uuid": "d6c6cac4-9deb-4963-88ec-e89f33b0f64c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/db68b2cb-d879-483f-b6a1-a86f164aa087", "content": "", "creation_timestamp": "2026-02-02T12:28:25.866748Z"}, {"uuid": "c2b9ff04-69f7-4c4c-941a-b840c311e881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/db68b2cb-d879-483f-b6a1-a86f164aa087", "content": "", "creation_timestamp": "2026-02-02T12:28:25.866748Z"}, {"uuid": "b6e38c87-0244-4826-b379-38e89d80a967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "exploited", "source": "https://t.me/SecLabNews/7334", "content": "The Hoaxcalls botnet is actively attacking 
Grandstream UCM6200 devices through the recently patched vulnerability CVE-2020-5722. The issue affects the HTTP interface of the IP PBX systems and is critical (9.8 on the CVSS3.1 scale). With it, an attacker can perform SQL injection through a specially crafted HTTP request and execute a shell command with superuser privileges (in versions before 1.0.19.20) or inject HTML code into the 
password recovery email (in versions before 1.0.20.17).    \nHoaxcalls attacks Grandstream UCM6200 devices through a patched vulnerability", "creation_timestamp": "2020-04-13T09:10:02.000000Z"}, {"uuid": "5786b932-7afc-4333-83cb-b0d098d34174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:45.000000Z"}, {"uuid": "66bc712d-387d-4ed7-858e-adf46231206a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "exploited", "source": "https://t.me/true_secator/456", "content": "Security Week writes that researchers at the infosec company Tenable are warning about new functionality in the Hoaxcalls botnet that appeared about a week ago.\n\nThe botnet now targets the 
recently fixed vulnerability CVE-2020-5722 in Grandstream UCM6200 office PBXs. The bug is in the function that handles the username during password recovery and leads either to the attacker executing code with root privileges or to the insertion of arbitrary HTML code into the password recovery email.\n\n The compromised device is subsequently used to carry out 
DDoS attacks.\n\nIn addition, according to Palo Alto Networks, this botnet uses the vulnerability CVE-2020-8515 to gain control of Draytek Vigor routers.\n\nBoth exploited bugs are fixed in the latest firmware versions of both devices, so if you use any of the above, you should update urgently.", "creation_timestamp": "2020-04-10T16:33:40.000000Z"}, {"uuid": "accab37f-f7a9-4927-a0fc-0ed3a2cad51d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/843", "content": "#exploit\nCVE-2020-5722:\nGrandstream UCM6202 IP PBX 1.0.18.x - Remote Command 
Injection\nhttps://www.tenable.com/security/research/tra-2020-15\n]-> PoC: https://www.exploit-db.com/exploits/48247", "creation_timestamp": "2022-01-24T23:55:08.000000Z"}, {"uuid": "ce0546f8-3b07-4d30-8b66-1244589cb1ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/3e3792b8-d224-49c1-adcb-cf1dafc6174d", "content": "", "creation_timestamp": "2020-10-09T14:02:50.000000Z"}, {"uuid": "a61e6e54-3407-4d80-b2ab-66ec7e91a24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/cbd9bbb3-3f53-4610-9d91-9191ff0a9ca8", "content": "", "creation_timestamp": "2020-10-15T15:07:04.000000Z"}, {"uuid": "60a7b498-0c46-404d-9b17-7311f77a66a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971233", "content": "", "creation_timestamp": "2024-12-24T20:26:15.982295Z"}, {"uuid": "7471230a-14f8-450e-9230-5d56ecafc0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "26003db7-08d5-4ba5-919e-cf31c03a32d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:29.000000Z"}, {"uuid": "20e7343c-3c0a-4d72-bc60-ec9c3703ed80", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:03.000000Z"}, {"uuid": "1e84b99a-ab98-4c87-b049-24535ae73e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5722", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-5722.yaml", "content": "", "creation_timestamp": "2026-01-21T08:12:14.000000Z"}]}