
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-impact vulnerabilities affecting CyberData’s SIP Emergency Intercom (Model 011209)—a device widely deployed in security, public safety, and industrial communication environments.
According to the advisory, the vulnerabilities were discovered by Vera Mens of Claroty Team82 and could allow remote attackers to gain unauthorized access, execute arbitrary code, disclose sensitive information, or disrupt system availability.
“Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution,” CISA warns.
CISA’s advisory outlines the following CVEs affecting versions prior to 22.0.1 of the 011209 SIP Intercom:
- CVE-2025-30184 – Authentication Bypass (CVSS 9.8): The 011209 Intercom could allow an unauthenticated user to access the web interface through an alternate path or channel.
- CVE-2025-26468 – Missing Authentication for Critical Function (CVSS 7.5): Exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition.
- CVE-2025-30507 – Blind SQL Injection (CVSS 5.3): Lets threat actors gather sensitive information via blind SQL injection vectors.
- CVE-2025-30183 – Weak Credential Storage (CVSS 7.5): Admin credentials are stored insecurely, opening paths to unauthorized access.
- CVE-2025-30515 – Path Traversal (CVSS 9.8): The 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CyberData has released firmware version 22.0.1, which mitigates these issues. Organizations using affected devices should upgrade immediately and verify that proper security controls are in place.
To minimize the risk of exploitation, CISA advises:
- Isolating control system devices from the public internet.
- Segmenting operational networks from business systems.
- Using VPNs for remote access—though CISA cautions that VPNs themselves must be kept up to date.
As of now, there is no evidence of public exploitation, but given the severity scores (up to 9.8) and the nature of the exposed functions, these vulnerabilities represent a serious risk to critical communication systems if left unpatched.