Poly Voice Device Test Key and Certificate Exposed to Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.2

Poly Voice Device Test Key and Certificate Exposed to Unauthorized Access

CVE-2026-0754

Summary

A vulnerability in Poly Voice devices allows a skilled attacker to extract a test key and certificate. If a SIP service provider does not properly verify the device's certificate, the attacker could impersonate the device and gain unauthorized access to the service provider's system. To protect against this, update the Poly Voice device and ensure the SIP service provider verifies the device's certificate properly.

Original title

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider ...

Original description

nvd CVSS4.0 8.2

Vulnerability type

CWE-321 Use of Hard-coded Cryptographic Key

https://support.hp.com/us-en/document/ish_14269649-14269682-16/hpsbpy04081

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026