Studio X50 – Insertion of Sensitive Information into Log File
A flaw in the logging stores limited credentials in cleartext.
CVE 2022-26480 – Studio X50 Insertion of Sensitive Information into Log File
Access to the device logs discloses the Web Proxy Settings credentials, which could compromise the confidentiality of the proxy. Typical deployment of the Studio-X30, Studio-X50, and G7500 requires Administrator access to obtain logs from the device.
Last Update: 3/7/2022
Initial Public Release: 3/7/2022
Advisory ID: PLYTV21-10
CVE ID: CVE-2022-26480
CVSS Score 2.7
Poly recommends all customers upgrade to the latest version. Update Studio X30/X50/X70 or G7500 to firmware version 3.7.0 or later.
There is no workaround.