What is CVE-2020-5722?

The Grandstream UCM6200 series firmware is affected by a critical SQL injection vulnerability allowing remote code execution. Immediate patching is required to mitigate risks.

What is the severity of CVE-2020-5722?

CVE-2020-5722 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2020-5722 in CISA KEV?

Yes. CVE-2020-5722 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2020-5722 | Critical Vulnerability in Grandstream UCM6200 Firmware

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. This vulnerability allows attackers to execute shell commands as root on affected versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. With a CVSS score of 9.8, this vulnerability is classified as critical, highlighting its potential for severe exploitation.

Risk to organizations includes unauthorized access and control over the affected systems, which can lead to data breaches and further attacks. Given the ease of exploitation, organizations with vulnerable systems must prioritize patching immediately.

As of now, this vulnerability has been included in the Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Therefore, it is critical for organizations to address this issue in their patch management processes.

Organizations should assess their exposure to this vulnerability and apply necessary patches as soon as possible to mitigate the risks associated with this critical vulnerability.

Vulnerability Details

The vulnerability is classified under CWE-89, which denotes SQL injection flaws. The CVSS score of 9.8 reflects the severity and potential impact of this vulnerability. The affected product is the Grandstream UCM6200 series firmware, specifically versions prior to 1.0.19.20.

This vulnerability was published on March 23, 2020, and has undergone analysis since its discovery.

Technical Analysis

The root cause of this vulnerability lies in the improper validation of user input in the HTTP interface, allowing attackers to craft HTTP requests that can manipulate SQL queries. The attack vector is network-based, requiring no authentication or user interaction, making it easier for attackers to exploit it.

The attack complexity is considered low, as attackers do not need any special conditions beyond network access to exploit the vulnerability. The impact of exploitation includes high confidentiality, integrity, and availability impacts, enabling complete control over the affected system.

Risk & Impact Analysis

The real-world risk associated with this vulnerability is significant. Attackers can gain unauthorized access to sensitive information and execute arbitrary commands, leading to severe operational disruptions and data integrity issues. The blast radius is extensive due to the nature of the vulnerability and the criticality of the affected systems.

Given the high severity of the CVSS score and active exploitation, organizations should address this vulnerability as part of their immediate remediation efforts. Regular monitoring and assessment of vulnerabilities in systems and applications are essential to maintain security posture.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

Affected versions include all Grandstream UCM6200 firmware versions prior to 1.0.19.20.

Mitigation & Remediation

Organizations must apply the vendor's patches immediately to mitigate this vulnerability. Specifically, upgrade to firmware version 1.0.19.20 or later. If immediate patching is not feasible, consider implementing network segmentation to restrict access to vulnerable systems and monitor for unusual activity.

For additional security measures, organizations should review their configurations and apply hardening guidelines to reduce the attack surface.

For further assistance, organizations may consider engaging with professional services such as penetration testing to validate their security posture.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for abnormal SQL query patterns and review system changes that may indicate unauthorized access. Additionally, behavioral anomalies in network traffic should be flagged for further investigation.

AppSecure Threat Intelligence Insight

This vulnerability exemplifies the importance of securing network interfaces against SQL injection attacks. Organizations should implement rigorous input validation mechanisms to prevent similar vulnerabilities in their applications. Regular security assessments and adopting a proactive security posture will help mitigate risks associated with vulnerabilities like CVE-2020-5722.

For more information on security assessments, organizations can refer to the application security assessment services offered.

Staying informed about vulnerabilities and implementing timely remediation strategies is essential to maintaining a secure environment.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2020-5722: Critical Vulnerability in Grandstream UCM6200 Firmware