CVE-2018-10946
MEDIUMPolycom RealPresence Debut Firmware < 1.3.0-66872 - Unauthenticated Exposure of Admin Password via Web UI
Title source: llmDescription
An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.polycom.com/PolycomService/home/home.htm
Vendor Advisory x_refsource_confirm
https://support.polycom.com/content/dam/polycom-support/global/documentation/advisory-rp-debut-vulnerabilities.pdf
Scores
CVSS v3
6.8
EPSS
0.0049
EPSS Percentile
38.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (1)
polycom/realpresence_debut_firmware
< 1.3.0-66872
Published
Jun 13, 2019
Tracked Since
Feb 18, 2026