Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
CVE-2017-16778-Intercom-DTMF-Injection

CVE-2017-16778-Intercom-DTMF-Injection

A security advisory on Fermax Intercom DTML Injection vulnerability that allows unauthorized access through DTMF tones.

image for CVE-2017-16778-Intercom-DTMF-Injection

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/27

Categories

Incident Response Tools
Penetration Testing
Vulnerability Disclosure

Tags

Authorization
Incident Response
Vulnerability Disclosure

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

Cybersecurity AI

Cybersecurity AI (CAI) is an open Bug Bounty-ready Artificial Intelligence framework for enhancing security operations.

Open Source Bug Bounty

Introduction

The CVE-2017-16778 Intercom DTMF Injection vulnerability describes a significant security flaw identified in Fermax Intercom systems. This vulnerability allows an attacker to gain unauthorized access to residential buildings simply by exploiting the way Dual-tone Multiple Frequency (DTMF) tones are processed. The coordinated disclosure of this flaw involved close collaboration with Fermax International, who responded promptly and facilitated the public release of pertinent information regarding the security issue.

Key Features

Vulnerability Identification: Detailed description of the intercom's DTMF injection vulnerability, outlining its implications for security and safety.
Proof of Concept: Provides a demonstration of the flaw, showcasing how DTMF tones can be used maliciously.
Disclosure Timeline: A timeline that tracks the engagement between the report authors and Fermax regarding the vulnerability remediation process.

Benefits

Security Awareness: Raises awareness of vulnerabilities in widely used intercom systems, helping to prevent unauthorized access.
Collaboration with Vendors: Highlights the importance of timely communication and collaboration between security researchers and product manufacturers in addressing vulnerabilities.

Highlights

Explains the attack vector and steps to reproduce the finding, enabling informed assessments of risk.
Recommends validation mechanisms to be implemented in intercom systems to prevent similar vulnerabilities in the future.