Research scientists of the Competence Center for IT-Security found multiple vulnerabilities in the Poly VVX 410 and VVX 411 IP phones and the associated Better Together over Ethernet (BToE) connector application. These vulnerabilities could be exploited, in order to disclose login information of users, bug phones and potentially execute arbitrary codes on the phones.
The full report is available for download here.
Permalink to this entry: https://url.fzi.de/en-vulns-poly-19