Lucene search
K

356 matches found

NVD
NVD
added 2026/03/03 2:16 a.m.8 views

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:48 a.m.6 views

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/03 12:48 a.m.8 views

EUVD-2026-9270

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/03 12:48 a.m.34 views

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/03 12:48 a.m.4 views

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/03/03 12:48 a.m.23 views

CVE-2026-0754

The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.7 views

HP Poly Edge E Series 安全漏洞

The HP Poly Edge E Series is a series of IP desktop phones produced by the American company HP. The HP Poly Edge E Series contains security vulnerabilities. These vulnerabilities stem from the inclusion of test keys and certificates within the devices, which may allow attackers to extract these...

8.2CVSS5.8AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.10 views

PT-2026-22708

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
Hewlett-Packard
Hewlett-Packard
added 2026/03/02 12:0 a.m.15 views

SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate. Service...

8.2CVSS5.9AI score0.00098EPSS
Exploits0Affected Software3
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.7 views

CVE-2021-41322

Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process...

8.8CVSS7AI score0.01642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.11 views

CVE-2022-26481

An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request CSR action...

8.8CVSS7.3AI score0.01577EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26479

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file which can be created via an rsync backdoor causes all API calls to execute as admin without authentication...

9.8CVSS7.1AI score0.01729EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.6 views

CVE-2022-26482

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin...

7.2CVSS7.4AI score0.22337EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.7 views

CVE-2024-41912

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls...

9.8CVSS6.9AI score0.00506EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.21 views

CVE-2024-41913

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input...

8.8CVSS6.9AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.7 views

CVE-2023-4468

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical...

7.6CVSS6.2AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.8 views

CVE-2023-4467

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...

6.6CVSS6.6AI score0.00263EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.5 views

CVE-2023-4464

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201,...

8.3CVSS7.4AI score0.03315EPSS
Exploits1References1
CVE
CVE
added 2025/12/16 3:15 p.m.12 views

CVE-2025-14432

CVE-2025-14432 affects HP video conferencing products (HP TC8/TC10 noted in CNNVD) with a data-leakage issue where sensitive data could be written to log files when an admin uses Microsoft Teams Admin Center (TAC) to apply device configuration changes. The log file is restricted to admins but exp...

8.1CVSS6.3AI score0.00344EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/16 3:15 p.m.5 views

CVE-2025-14432 Poly Video - Sensitive Data Might Be Written to Log File

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center TAC to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

8.1CVSS6.3AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder