1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: CyberData
- Equipment: 011209 SIP Emergency Intercom
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: ‘…/…//’
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following CyberData products are affected:
- 011209 SIP Emergency Intercom: Versions prior to 22.0.1
3.2 VULNERABILITY OVERVIEW
3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288
011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVE-2025-30184 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-30184. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 Missing
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: