CVE-2023-4462— Poly VVX 601 Web Configuration Application random values
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4462
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Poly VVX 601 Web Configuration Application random values
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
Poly Trio 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Poly Trio是美国Poly公司的一款Trio系列的商务会议电话。 Poly CCX和Trio存在安全特征问题漏洞,该漏洞源于组件Web Configuration Application存在安全特征问题漏洞。受影响的产品和版本:Poly CCX 400版本,CCX 600版本,Trio 8800版本,Trio C60版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Poly | Trio 8300 | n/a | - | |
| Poly | Trio 8500 | n/a | - | |
| Poly | Trio 8800 | n/a | - | |
| Poly | Trio C60 | n/a | - | |
| Poly | CCX 350 | n/a | - | |
| Poly | CCX 400 | n/a | - | |
| Poly | CCX 500 | n/a | - | |
| Poly | CCX 505 | n/a | - | |
| Poly | CCX 600 | n/a | - | |
| Poly | CCX 700 | n/a | - | |
| Poly | EDGE E100 | n/a | - | |
| Poly | EDGE E220 | n/a | - | |
| Poly | EDGE E300 | n/a | - | |
| Poly | EDGE E320 | n/a | - | |
| Poly | EDGE E350 | n/a | - | |
| Poly | EDGE E400 | n/a | - | |
| Poly | EDGE E450 | n/a | - | |
| Poly | EDGE E500 | n/a | - | |
| Poly | EDGE E550 | n/a | - | |
| Poly | VVX 101 | n/a | - | |
| Poly | VVX 150 | n/a | - | |
| Poly | VVX 201 | n/a | - | |
| Poly | VVX 250 | n/a | - | |
| Poly | VVX 300 | n/a | - | |
| Poly | VVX 301 | n/a | - | |
| Poly | VVX 310 | n/a | - | |
| Poly | VVX 311 | n/a | - | |
| Poly | VVX 350 | n/a | - | |
| Poly | VVX 400 | n/a | - | |
| Poly | VVX 401 | n/a | - | |
| Poly | VVX 410 | n/a | - | |
| Poly | VVX 411 | n/a | - | |
| Poly | VVX 450 | n/a | - | |
| Poly | VVX 500 | n/a | - | |
| Poly | VVX 501 | n/a | - | |
| Poly | VVX 600 | n/a | - | |
| Poly | VVX 601 | n/a | - |
II. Public POCs for CVE-2023-4462
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4462
请登录查看更多情报信息。
Same Patch Batch · Poly · 2023-12-29 · 7 CVEs total
| CVE-2023-4464 | 7.2 HIGH | Poly VVX 601 Diagnostic Telnet Mode os command injection |
| CVE-2023-4467 | 6.2 MEDIUM | Poly Trio 8800 Test Automation Mode backdoor |
| CVE-2023-4463 | 5.3 MEDIUM | Poly CCX 400/CCX 600/Trio 8800/Trio C60 HTTP Header denial of service |
| CVE-2023-4468 | 4.3 MEDIUM | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-4465 | 2.7 LOW | Poly VVX 601 Configuration File Import unverified password change |
| CVE-2023-4466 | 2.7 LOW | Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism |
IV. Related Vulnerabilities
Same vendor: Poly
- CVE-2024-6147
Poly Plantronics Hub Link Following Local Privilege Escalati - CVE-2023-4468
Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud - CVE-2023-4467
Poly Trio 8800 Test Automation Mode backdoor - CVE-2023-4466
Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protec - CVE-2023-4465
Poly VVX 601 Configuration File Import unverified password c
Same weakness: CWE-330
- CVE-2026-7847
chatchat-space Langchain-Chatchat Uploaded File openai_route - CVE-2026-40975
VMware Spring Boot 安全特征问题漏洞 - CVE-2026-40496
FreeScout has Predictable Attachment Token that Allows Unaut - CVE-2026-40306
DNN has same HostGUID for all new installs - CVE-2026-33710
Chamilo LMS has Weak REST API Key Generation (Predictable)
V. Comments for CVE-2023-4462
No comments yet