CVE-2012-6611

CRITICAL

Polycom Hdx System Software < 3.0.5 - Hard-coded Credentials

Title source: rule

Description

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/43032

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://web.archive.org/web/20130320033016/http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43032

Scores

CVSS v3 9.8

EPSS 0.0101

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-798

Status published

Affected Products (1)

polycom/hdx_system_software < 3.0.5

Timeline

Published Feb 10, 2020

Tracked Since Feb 18, 2026