Critical Risk Disclosed
CVE-2020-5757
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
Exploitation Probability (EPSS)
Low Priority18.52%
The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.
0% (Theoretical)100% (Certainty)
7-Day Exploitation Trend
Vulnerability Timeline
2 eventsJul 17, 2020
Vulnerability Disclosed
Published to component-level vulnerability database.
Jul 23, 2020
Last Updated
Record updated with new analysis or tags.
Threat Actor Attribution
PREMIUM INTELAssociated Groups:Lazarus Group, APT28
Ransomware Campaigns:LockBit 3.0, BlackCat
IoCs (Indicators):14 IPs, 3 Hashes
Remediation & Mitigation
SOLUTIONOfficial patches and mitigation steps are available for this vulnerability.
# Update Command
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
Affected Products
6 Total
grandstream/ucm6202_firmwareAll Versions
grandstream/ucm6202-
grandstream/ucm6204_firmwareAll Versions
grandstream/ucm6204-
grandstream/ucm6208_firmwareAll Versions
Am I Vulnerable?
Check your domain or package.json for CVE-2020-5757 exposure.
Vulnerability Details
CVSS Base Score
9.8/ 10
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published Date
Jul 17, 2020
Last Modified
Jul 23, 2020
Need Manual Validation?
Automated scanners flag false positives. Get a manual pentest validation for this CVE.