Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
Analysis (AI)
CyberData 011209 Intercom devices contain an authentication bypass vulnerability in the web interface, reachable via an alternate path, that gives unauthenticated attackers complete unauthorized access (compromise of confidentiality, integrity, and availability). This CVSS 9.8 critical vulnerability affects CyberData intercom systems and poses an immediate risk to organizations that rely on these devices for communication and physical security integration. No specific KEV or active exploitation data is provided, but because the flaw is reachable over the network without authentication, privileges, or user interaction, it is highly likely to be targeted.
Technical Context (AI)
The vulnerability stems from CWE-288 (Authentication Bypass Using an Alternate Path or Channel), a root cause in which security controls exist on the primary path but are not enforced on an alternate path. CyberData 011209 intercoms expose a web management interface for configuration and control; the vulnerability likely involves an undocumented or improperly secured endpoint that bypasses the standard authentication mechanisms. The intercom's web interface typically handles SIP configuration, audio settings, and network parameters, all of which are sensitive functions. The alternate path may be a legacy endpoint, a debug interface, or an improperly segmented administrative function that inherited authentication from a parent component without validation. The CVSS vector AV:N/AC:L indicates the flaw is exploitable over the network with low attack complexity, suggesting path traversal, parameter manipulation, or direct endpoint access rather than a sophisticated exploit.
Critical arbitrary file upload vulnerability in CyberData 011209 Intercom systems that allows authenticated attackers to
CyberData 011209 Intercom devices fail to properly store or protect web server administrator credentials, allowing unaut
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injectio
EUVD-2025-17584