29 matches found
CVE-2026-5922
CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...
CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...
CVE-2026-5923
CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.
CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...
CVE-2026-2891
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
EUVD-2026-41005
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-2891
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
CVE-2026-2891
The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...
HP Poly Voice Unauthenticated Remote Code Execution
CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...
CVE-2026-0826
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
EUVD-2026-33658
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826
In CVE-2026-0826, the issue is a stack-based buffer overflow in the Poly Voice device parser for ICE SDP attributes. When ICE is enabled, parsing the a=candidate: line copies input into a 256-byte stack buffer without length checks, enabling crafted SDP to overflow and achieve unauthenticated rem...
Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform. HP Poly recommends admins disable ICE connectivity when not required...
PT-2026-45420
Name of the Vulnerable Software and Affected Versions HP Poly VVX 150 HP Poly VVX 250 HP Poly VVX 350 HP Poly VVX 450 HP Poly Trio 8300 HP Poly Trio 8500 HP Poly Trio 8800 Description An unauthenticated stack-based buffer overflow exists in HP Poly Voice products on the Linux platform during the...
HP Poly Voice 安全漏洞
HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...
CVE-2026-0754
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...