CVE-2020-5722
Grandstream Networks UCM6200 Series SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
83.9%
p100
KEV
YES
Jan 28, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
83.9%EPSS · 30 days83.9%
2026-06-302026-07-16
Product
Grandstream / UCM6200
Vulnerability
Grandstream Networks UCM6200 Series SQL Injection Vulnerability
Added to KEV
Jan 28, 2022
Remediate by
Jul 28, 2022
Known ransomware use
No
Summary description
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5722
No related CVEs by CWE or product.