Polycom HDX Series 操作系统命令注入漏洞

The Polycom HDX Series is a series of high-definition video conferencing systems from Polycom, Inc. The Polycom HDX Series suffers from an operating system command injection vulnerability that stems from a command injection issue in the devcmds console that could lead to remote code execution...

PT-2025-29136 · Polycom · Polycom Hdx Series

Name of the Vulnerable Software and Affected Versions: Polycom HDX Series affected versions not specified Description: An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds consol...

CVE-2021-37145

A command-injection vulnerability in an authenticated Telnet connection in Poly formerly Polycom CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2018-10946

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI...

CVE-2012-6611

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password...

CVE-2018-10947

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted...

CVE-2018-15128

An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets...

CVE-2019-12948

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service DoS condition or execute arbitrary co...

CVE-2002-1905

Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service crash via a long HTTP GET request...

CVE-2002-1906

The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service CPU consumption by sending incomplete HTTP requests and leaving the connections open...

CVE-2025-22918

Polycom RealPresence Group 500 =20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information...

CVE-2025-22918

Polycom RealPresence Group 500 =20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information...

CVE-2025-22918

Summary (CVE-2025-22918): Polycom RealPresence Group 500 versions

CVE-2025-22918

Polycom RealPresence Group 500 =20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information...

CVE-2025-22918

Polycom RealPresence Group 500 =20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information...

Polycom RealPresence Group 500 安全漏洞

Polycom RealPresence Group 500 is a video conferencing endpoint device from Polycom USA that is primarily used for video communication in conference rooms and other scenarios. A security vulnerability exists in Polycom RealPresence Group 500 version 20 and prior versions, which stems from the...

PT-2025-4747 · Polycom · Polycom Realpresence Group 500

Name of the Vulnerable Software and Affected Versions: Polycom RealPresence Group 500 versions =20 Description: The issue is related to insecure permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user...

UC Software - Missing Authorization

A potential vulnerability was discovered in certain Trio devices. An attacker with physical access to a device without administrator privileges can gain administrative access through the Poly Lens interface due to a potential authorization vulnerability. This is only possible for devices that are...

Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle

Microsoft® Lync™ Better Together over Ethernet BToE feature on Polycom® VVX® business media. phones enables you to control phone activity from your computer using your Lync client. The BToE feature enables you to place, answer, and hold audio and video calls from your Polycom VVX phone and your...

CVE-2023-29930

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page...