Critical vulnerabilities patched in CyberData 011209 SIP Emergency Intercom
Take action: First, make sure all your emergency intercoms are isolated from the internet and accessible only from trusted networks. Then plan an upgrade cycle for all CyberData 011209 SIP Emergency Intercom devices to firmware version 22.0.1. Just isolation doesn't work. You will be hacked if you leave them unpatched.
Learn More
CyberData has addressed multiple vulnerabilities in its 011209 SIP Emergency Intercom, a device widely deployed in security, public safety, and industrial communication environments worldwide. Successful exploitation could allow attackers to disclose sensitive information, cause denial-of-service conditions, or achieve complete code execution on affected systems.
The security flaws were discovered by Vera Mens of Claroty Team82 and reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Vulnerabilities summary:
- CVE-2025-30184 (CVSS v3.1 score 9.8, CVSS v4 score 9.3) - Authentication Bypass Using an Alternate Path or Channel. This critical flaw allows unauthenticated users to gain access to the device's web interface through alternate pathways, completely bypassing normal authentication mechanisms.
- CVE-2025-30515 (CVSS v3.1 score 9.8, CVSS v4 score 9.3) - Path Traversal. This critical flaw enables authenticated attackers to upload arbitrary files to multiple locations within the system, potentially leading to complete system compromise.
- CVE-2025-26468 (CVSS v3.1 score 7.5, CVSS v4 score 8.7) - Missing Authentication for Critical Function. This vulnerability exposes critical system features to unauthenticated users, enabling them to cause denial-of-service conditions or system disruptions.
- CVE-2025-30183 (CVSS v3.1 score 7.5, CVSS v4 score 8.7) - Insufficiently Protected Credentials. This vulnerability stems from improper storage and protection of web server administrator credentials, potentially exposing administrative access to unauthorized parties
- CVE-2025-30507 (CVSS v3.1 score 5.3, CVSS v4 score 6.9) - SQL Injection. This flaw allows unauthenticated attackers to gather sensitive information through blind SQL injection attacks against the device's database components.
CyberData has released firmware version 22.0.1 to address these vulnerabilities. Organizations operating affected devices should immediately upgrade to this patched version to mitigate the security risks. The update process involves downloading the latest firmware from CyberData's official website and following the manufacturer's update procedures.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at the time of the advisory release.
