Lucene search
K

29 matches found

CVE
CVE
added 5 days ago13 views

CVE-2026-5922

CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:17 p.m.10 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 2:8 p.m.9 views

EUVD-2026-41005

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:8 p.m.7 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:8 p.m.17 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/06/18 7:1 p.m.179 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.9AI score0.24469EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
NVD
NVD
added 2026/06/01 3:16 p.m.15 views

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS0.24469EPSS
Exploits3References1
EUVD
EUVD
added 2026/06/01 2:55 p.m.16 views

EUVD-2026-33658

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/01 2:55 p.m.44 views

CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS0.24469EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/01 2:55 p.m.10 views

CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:55 p.m.10 views

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References3
CVE
CVE
added 2026/06/01 2:55 p.m.48 views

CVE-2026-0826

In CVE-2026-0826, the issue is a stack-based buffer overflow in the Poly Voice device parser for ICE SDP attributes. When ICE is enabled, parsing the a=candidate: line copies input into a 256-byte stack buffer without length checks, enabling crafted SDP to overflow and achieve unauthenticated rem...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
Hewlett-Packard
Hewlett-Packard
added 2026/06/01 12:0 a.m.16 views

Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform. HP Poly recommends admins disable ICE connectivity when not required...

9.2CVSS6.6AI score0.24469EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.24 views

PT-2026-45420

Name of the Vulnerable Software and Affected Versions HP Poly VVX 150 HP Poly VVX 250 HP Poly VVX 350 HP Poly VVX 450 HP Poly Trio 8300 HP Poly Trio 8500 HP Poly Trio 8800 Description An unauthenticated stack-based buffer overflow exists in HP Poly Voice products on the Linux platform during the...

9.2CVSS6.7AI score0.24469EPSS
Exploits3References28
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.22 views

HP Poly Voice 安全漏洞

HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...

9.2CVSS6.3AI score0.24469EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/03/04 7:37 a.m.9 views

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
Rows per page
Query Builder