2 matches found
CVE-2022-26479
Poly EagleEye Director II (pre-2.2.2.1) contains an authentication bypass vulnerability where the existence of a certain file (creatable via an rsync backdoor) causes all API calls to run with admin privileges. Affected component/file path is unspecified in the initial documents; root cause is an...
CVE-2022-26482
Poly EagleEye Director II (pre-2.2.2.1) exposes an OS command injection via os.system that can be performed by an admin. Affected product/version: Poly EagleEye Director II prior to 2.2.2.1. Impact (per NVD): high severity (CVSSv3.1 base score 7.2) with high confidentiality, integrity, and availa...