
CVE-2019-11355
https://notcve.org/view.php?id=CVE-2019-11355
12 Mar 2020 — An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root. • https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2012-6611
https://notcve.org/view.php?id=CVE-2012-6611
10 Feb 2020 — An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password. • https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html • CWE-798: Use of Hard-coded Credentials

CVE-2012-4970 – Polycom HDX Video End Points Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-4970
28 Dec 2012 — Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')