CVE-2022-26479

Name of the Vulnerable Software and Affected Versions Poly EagleEye Director II versions prior to 2.2.2.1

Description The issue allows all API calls to execute as admin without authentication if a certain file exists, which can be created via an rsync backdoor.

Recommendations For versions prior to 2.2.2.1, update to version 2.2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to API endpoints to minimize the risk of exploitation. Avoid using API calls that could potentially execute as admin without proper authentication until the issue is resolved.