Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution

Posted on 25 January 2022

This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.