The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
737f912aedaeba8a1d57b9dc8bd11fe5911f1fbdc0923fc3bb63f868636273f6
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
548cc509510583c6e9073f79cf341d4f7d444c54333db5eee6854c756f2f9ecf
The Polycom HDX is a series of telecommunication and video devices. The telnet component of Polycom HDX video endpoint devices is vulnerable to an authorization bypass when multiple simultaneous connections are repeatedly made to the service, allowing remote network attackers to gain full access to a Polycom command prompt without authentication. Versions prior to 3.0.4 also contain OS command injection in the ping command which can be used to escape the telnet prompt and execute arbitrary commands as root. Full Metasploit module included.
d6c612cfdc86b1458e81dbbcb92971210f9f19604de9afd1da509ddb21eceac2
Ultr@VNC 1.0.1 Client Buffer Overflow exploit. Spawns an instance of calc.exe.
2fcdc0f17a5a95906e55a96c88e2e56425da544a1bfe0f190964c31c98046b57