EIP-2026-101926

PRE-CVE

Polycom VVX Web Interface - Change Admin Password

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101926. PoCs published by Mike Brown.

AI-analyzed exploit summary This exploit describes a privilege escalation vulnerability in Polycom VVX phones where a user can change the admin password by manipulating the HTML form field name. The attack involves inspecting and modifying the 'name' attribute of the password field to escalate privileges.

Description

Polycom VVX Web Interface - Change Admin Password

Exploits (1)

exploitdb WRITEUP

by Mike Brown · textwebappshardware

https://www.exploit-db.com/exploits/41175

View Code ZIP pw:eip

This exploit describes a privilege escalation vulnerability in Polycom VVX phones where a user can change the admin password by manipulating the HTML form field name. The attack involves inspecting and modifying the 'name' attribute of the password field to escalate privileges.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Polycom VVX UC Software Version 5.3.1.0436

Auth required

Prerequisites: Access to the 'User' account (default credentials: User:123) · Access to the web interface of the Polycom VVX phone

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026