EUVD-2025-17584

CVE-2025-30184 | CRITICAL | CVSS 3.1: 9.8
2025-06-09 [email protected]

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 16, 2026 - 05:55, EUVD-patch-fix, executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29, backfill_euvd_patch, patch_released
patch_available: Apr 16, 2026 - 05:29, EUVD, 22.0.1
EUVD ID Assigned: Mar 14, 2026 - 19:21, euvd, EUVD-2025-17584
Analysis Generated: Mar 14, 2026 - 19:21, vuln.today
CVE Published: Jun 09, 2025 - 22:15, nvd, CRITICAL 9.8

Description (NVD)

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

Analysis (AI)

CyberData 011209 Intercom devices contain an authentication bypass vulnerability: the web interface is reachable through an alternate path, which gives an unauthenticated attacker complete unauthorized access (compromise of confidentiality, integrity, and availability). This critical vulnerability (CVSS 9.8) affects CyberData intercom systems and poses an immediate risk to organizations that rely on these devices for communication and physical security integration. No specific KEV or active exploitation data is provided, but because the flaw is reachable over the network without authentication and with no mitigation requirements, it is highly likely to be targeted.

Technical Context (AI)

The vulnerability stems from CWE-288 (Authentication Bypass Using an Alternate Path or Channel), a weakness class in which security controls are enforced on the primary path but not on an alternate path. CyberData 011209 intercoms expose a web management interface for configuration and control; the vulnerability likely involves an undocumented or improperly secured endpoint that bypasses the standard authentication mechanisms. The intercom's web interface typically handles SIP configuration, audio settings, and network parameters, all of which are sensitive functions. The alternate path may be a legacy endpoint, a debug interface, or an improperly segmented administrative function that inherited authentication from a parent component without validation. The CVSS vector components AV:N/AC:L indicate that the flaw is exploitable over the network with low attack complexity, suggesting path traversal, parameter manipulation, or direct endpoint access rather than a sophisticated exploit.
