CVE-2024-9579

HIGH

HP Poly TC8, TC10, Studio G7500, X30, X50, X70, X52, G62 Firmware - Command Injection

Title source: llm

Description

A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900

Scores

CVSS v3 7.5

EPSS 0.0031

EPSS Percentile 53.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (8)

hp/poly_studio_g62_firmware < 4.3.2

hp/poly_studio_g7500_firmware < 4.3.2

hp/poly_studio_x30_firmware < 4.3.2

hp/poly_studio_x50_firmware < 4.3.2

hp/poly_studio_x52_firmware < 4.3.2

hp/poly_studio_x70_firmware < 4.3.2

hp/poly_tc10_firmware < 6.3.2

hp/poly_tc8_firmware < 6.3.2

Published Nov 05, 2024

Tracked Since Feb 18, 2026