CVE-2017-16778-Intercom-DTMF-Injection

Introduction

The CVE-2017-16778 Intercom DTMF Injection vulnerability describes a significant security flaw identified in Fermax Intercom systems. This vulnerability allows an attacker to gain unauthorized access to residential buildings simply by exploiting the way Dual-tone Multiple Frequency (DTMF) tones are processed. The coordinated disclosure of this flaw involved close collaboration with Fermax International, who responded promptly and facilitated the public release of pertinent information regarding the security issue.

Key Features

• Vulnerability Identification: Detailed description of the intercom's DTMF injection vulnerability, outlining its implications for security and safety.
• Proof of Concept: Provides a demonstration of the flaw, showcasing how DTMF tones can be used maliciously.
• Disclosure Timeline: A timeline that tracks the engagement between the report authors and Fermax regarding the vulnerability remediation process.

Benefits

• Security Awareness: Raises awareness of vulnerabilities in widely used intercom systems, helping to prevent unauthorized access.
• Collaboration with Vendors: Highlights the importance of timely communication and collaboration between security researchers and product manufacturers in addressing vulnerabilities.

Highlights

• Explains the attack vector and steps to reproduce the finding, enabling informed assessments of risk.
• Recommends validation mechanisms to be implemented in intercom systems to prevent similar vulnerabilities in the future.