
CVE-2025-34093 – Polycom HDX Series Telnet Command Injection via lan traceroute
https://notcve.org/view.php?id=CVE-2025-34093
10 Jul 2025 — An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allo... • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/misc/polycom_hdx_traceroute_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-11355
https://notcve.org/view.php?id=CVE-2019-11355
12 Mar 2020 — An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root. • https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2012-6611
https://notcve.org/view.php?id=CVE-2012-6611
10 Feb 2020 — An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password. • https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html • CWE-798: Use of Hard-coded Credentials •

CVE-2012-6609
https://notcve.org/view.php?id=CVE-2012-6609
28 Jan 2020 — Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. • http://seclists.org/fulldisclosure/2012/Mar/18 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2012-6610
https://notcve.org/view.php?id=CVE-2012-6610
28 Jan 2020 — Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. • http://seclists.org/fulldisclosure/2012/Mar/18 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2018-15128
https://notcve.org/view.php?id=CVE-2018-15128
13 May 2019 — An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. • https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2012-4970 – Polycom HDX Video End Points Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-4970
28 Dec 2012 — Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •