CVE-2022-26479
First published: Sun Jul 17 2022(Updated: )
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Poly Eagleeye Director Ii Firmware | <2.2.2.1 | |
| Poly EagleEye Director II |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-26479.
What is the severity rating for CVE-2022-26479?
CVE-2022-26479 has a severity rating of 9.8 (Critical).
What is the affected software for CVE-2022-26479?
The affected software for CVE-2022-26479 is Poly EagleEye Director II firmware versions up to 2.2.2.1.
How can an attacker exploit CVE-2022-26479?
An attacker can exploit CVE-2022-26479 by creating a certain file via an rsync backdoor, which will cause all API calls to execute as admin without authentication.
Are there any known fixes or patches for CVE-2022-26479?
Yes, it is recommended to update to Poly EagleEye Director II firmware version 2.2.2.1 or later to mitigate CVE-2022-26479.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/poly
- canonical/poly eagleeye director ii firmware
- canonical/poly eagleeye director ii