10 matches found
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Overview: Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-08...
Intelbras TIP 200 Lite and Intelbras TELEFONE IP TIP200 security vulnerability
The Intelbras TIP 200 Lite and the Intelbras TELEFONE IP TIP200 are both products of the Brazilian company Intelbras. The Intelbras TIP 200 Lite is an IP phone device. It operates as an IP terminal and supports up to two SIP accounts. It features high voice quality (HD Voice), a 2x15 LCD display, and...
CVE-2024-20534
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerabilit...
A vulnerability in the web interface of the firmware for Cisco IP Phones 6800, 7800, 8800, and 8875 allows an attacker to cause a denial of service.
The vulnerability in the web-based management interface of Cisco IP Phones 6800, 7800, 8800, and 8875 is caused by operations performed outside the bounds of a memory buffer. Exploiting this vulnerability could allow a malicious actor to cause a denial of service by sending specially crafted...
A vulnerability in the Cisco Discovery Protocol processing function in the firmware of Cisco IP Phones 7800 and 8800 allows an attacker to execute arbitrary code or cause a denial of service.
The vulnerability in the Cisco Discovery Protocol processing function in the firmware of Cisco IP Phones 7800 and 8800 is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial of service by...
A vulnerability in the firmware management web interface of Cisco IP Phone 6800, Cisco IP Phone 7800, and Cisco IP Phone 8800 allows an attacker to perform a CSRF attack.
The vulnerability in the firmware management web interface of Cisco IP Phones 6800, 7800, and 8800 is related to insufficient verification of the HTTP request source. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web...
A vulnerability in the firmware of Cisco IP Phone 8800 and 7800 series models, related to insufficient checking of SIP initiation packets, allows attackers to cause a denial of service.
The vulnerability in the firmware of Cisco IP Phone 8800 and 7800 series models is related to insufficient checking of incoming Session Initiation Protocol (SIP) packets. Exploiting this vulnerability can allow a malicious actor to cause a denial of service...
SQL injection
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo...
LG On Screen Phone authentication bypass (CVE-2014-8757)
LG On Screen Phone authentication bypass vulnerability. SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the...
Bluetooth DoS by OBEX push
Hello, during a course project studying security and privacy related to Bluetooth, we discovered a simple but effective DoS attack using OBEX push. Using ussp-push [1], it is possible to send out files very quickly. By continuously trying to push a file, the target is flooded with prompts whether to...