The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
trio_8500
CVE-2018-14935
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.