CVE-2026-0754

SIP Service Providers – Possible Impersonation of Poly Voice Device

CVSS 8.2 HIGHEPSS 0.1%CWE-321

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Mar 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

Affected products

HP Inc · Edge E HP Inc · Trio 8300 HP Inc · VVX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hp.com/us-en/document/ish_14269649-14269682-16/hpsbpy04081