Filtered by vendor Poly
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24282 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2023-03-14 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. | |||||
| CVE-2022-26479 | 1 Poly | 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware | 2022-07-22 | N/A | 9.8 CRITICAL |
| An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication. | |||||
| CVE-2022-26481 | 1 Poly | 8 G7500, G7500 Firmware, Studio X30 and 5 more | 2022-07-21 | N/A | 8.8 HIGH |
| An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action. | |||||
| CVE-2022-26482 | 1 Poly | 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware | 2022-07-21 | N/A | 7.2 HIGH |
| An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin. | |||||
| CVE-2018-17875 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2022-01-10 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. | |||||
| CVE-2021-37145 | 1 Poly | 4 Cx5100, Cx5100 Firmware, Cx5500 and 1 more | 2021-09-15 | 6.5 MEDIUM | 7.2 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||