This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A critical SQL Injection flaw in the HTTP interface of Grandstream UCM6200.β¦
π‘οΈ **Root Cause**: Unauthenticated Remote SQL Injection. π **CWE**: Not explicitly mapped in data, but fundamentally a **Input Validation Failure** in HTTP request handling.β¦
π **Privileges**: **Root** access! π§ **Data Impact**: 1. Execute arbitrary shell commands as root. 2. Inject HTML into password reset emails (phishing/credential theft). β οΈ This is effectively full server control.
Q5Is exploitation threshold high? (Auth/Config)
π **Auth Requirement**: **None**. It is **Unauthenticated**. π **Config**: Exploitable via crafted HTTP requests remotely. No login needed to trigger the injection. Extremely low barrier to entry for attackers.
π **Self-Check**: 1. Check firmware version against <1.0.19.20 and <1.0.20.17. 2. Use **Nuclei** with the specific CVE template to scan for the SQL injection signature. 3.β¦
π₯ **Urgency**: **CRITICAL**. π¨ **Priority**: **Immediate Action Required**. Since it allows **Root Shell Access** without authentication, this is a high-severity remote code execution (RCE) vulnerability.β¦