CVE-2002-0626
Description
Polycom ViewStation before 7.2.4 ships with a null default password for the administrator account, enabling unauthenticated remote attackers to gain full control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Polycom ViewStation before 7.2.4 ships with a null default password for the administrator account, enabling unauthenticated remote attackers to gain full control.
Vulnerability
Polycom ViewStation video conferencing devices running firmware versions prior to 7.2.4 have a default null password set for the built-in administrator account. This means that no password is required to log in with administrative privileges. The vulnerability exists in the device's web interface and management console.
Exploitation
An attacker with network access to the ViewStation can exploit this by simply connecting to the device's management interface (typically HTTP or HTTPS) and logging in with the username admin and leaving the password field empty. No prior authentication or user interaction is required. The default configuration does not enforce any password change on first login.
Impact
Successful exploitation grants the attacker full administrative control over the ViewStation device. This includes the ability to modify system settings, access and manipulate video/audio streams, change network configurations, upload malicious firmware, and potentially pivot to other devices on the network. The compromise is at the highest privilege level.
Mitigation
Polycom addressed this issue in firmware version 7.2.4 [1]. Users should upgrade to this version or later. As a general security practice, administrators should also change default passwords immediately upon deployment. If upgrading is not possible, restrict network access to the management interface using firewall rules or VLAN segmentation. This CVE is not listed on CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16cpe:2.3:h:polycom:viewstation_128:6.5.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:h:polycom:viewstation_128:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_128:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_h.323:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_h.323:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_sp_384:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_sp_384:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_512:6.5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:polycom:viewstation_512:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_512:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_dcp:6.5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:polycom:viewstation_dcp:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_dcp:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_fx_vs4000:4.1.5:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_mp:6.5.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:h:polycom:viewstation_mp:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_mp:7.2:*:*:*:*:*:*:*
- (no CPE)range: <7.2.4
cpe:2.3:h:polycom:viewstation_v.35:6.5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:polycom:viewstation_v.35:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_v.35:7.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.ciac.org/ciac/bulletins/m-123.shtmlnvdPatchVendor Advisory
- www.iss.net/security_center/static/9347.phpnvdVendor Advisory
- www.securityfocus.com/bid/5631nvdVendor Advisory
- bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jspnvd
- www.polycom.com/common/pw_item_show_doc/0%2C%2C1444%2C00.pdfnvd
News mentions
0No linked articles in our index yet.