A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
References
Link | Resource |
---|---|
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html | Not Applicable |
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | |
https://modzero.com/en/advisories/mz-23-01-poly-voip/ | |
https://vuldb.com/?ctiid.249260 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.249260 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Jan 2024, 17:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Poly trio 8800
Poly trio 8800 Firmware Poly |
|
CPE | cpe:2.3:o:poly:trio_8800_firmware:7.2.6.0019:*:*:*:*:*:*:* cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
References | () https://vuldb.com/?id.249260 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?ctiid.249260 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html - Not Applicable | |
References | () https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ - Broken Link |
29 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-29 10:15
Updated : 2024-05-17 02:31
NVD link : CVE-2023-4467
Mitre link : CVE-2023-4467
CVE.ORG link : CVE-2023-4467
JSON object : View
Products Affected
poly
- trio_8800
- trio_8800_firmware
CWE
CWE-912
Hidden Functionality