Research scientists of the Competence Center for IT Security found further vulnerabilities in the Poly VVX 410 and VVX 411 IP phones. The vulnerabilities CVE-2020-12871, CVE-2020-13635, and CVE-2020-13636 can be exploited in order to wiretap phones over the network.
The full report is available for download here.
Permalink to this entry: https://url.fzi.de/en-vulns-poly