336 matches found
Polycom Trio Improper Access Control Vulnerability
Polycom Trio is a Polycom Trio series of business conference phones.The Bluetooth subsystem is one of the Bluetooth subsystems. A security vulnerability exists in the Bluetooth subsystem on Polycom Trio using software versions prior to 5.5.4, which stems from the program failing to enforce proper...
CVE-2018-14934
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone...
Design/Logic Flaw
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone...
Cross site scripting
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS...
CVE-2018-14935
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS...
CVE-2018-14935
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS...
CVE-2018-14934
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone...
CVE-2018-14934
The CVE-2018-14934 entry concerns Polycom Trio devices with software versions prior to 5.5.4. The Bluetooth subsystem has Incorrect Access Control, allowing an attacker to connect without authentication and subsequently record audio from the device microphone. Impact is documented as partial conf...
CVE-2018-14935
The CVE-2018-14935 entry maps to a web-based XSS in the Web administration console of Polycom Trio devices running software before 5.5.4. Affected component: the web admin UI. Root cause: reflected/scripted input in the console without proper encoding. Impact: user-facing XSS could affect confide...
CVE-2018-14935
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS...
CVE-2018-14934
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone...
CVE-2012-6610
creationtimestamp| type| source ---|---|--- 2018-11-05 22:04:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/misc/polycomhdxauthbypass.rb 2025-10-23 21:12:57+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Polycom Command Shell Authorization Bypass
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability
Exploit for hardware platform in category local exploits Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: OWNIP=192.168.100.102 if -z "$1" then echo "Please enter an IPv4 address as target" exit else...
Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle Vulnerability
Exploit for hardware platform in category local exploits Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle Vulnerability Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: = 5.8.0.12848 Tested Versions: 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509 validation -...
CVE-2018-18566
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business...
CVE-2018-18566
The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business...
CVE-2018-18568
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business...
CVE-2018-18568
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business...
Design/Logic Flaw
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business...