CVE-2024-0840
HIGHDescription
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-0840? +
How severe is CVE-2024-0840? +
How do I check if I'm vulnerable to CVE-2024-0840? +
Related Vulnerabilities
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit …
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. …
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to …