Access Control Weakness in Fermax Outdoor Panel by Fermax
CVE-2017-16778

4.6MEDIUM

Key Information:

Vendor: Fermax
Status: Outdoor Panel Firmware
Vendor: CVE Published:; 24 December 2019

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2017-16778?

A significant flaw in the DTMF tone receiver of the Fermax Outdoor Panel exposes it to unauthorized physical access. This vulnerability stems from inadequate access control mechanisms, allowing attackers to exploit the system using specific Dual-Tone-Multi-Frequency (DTMF) tones. By injecting these tones, an attacker can bypass security measures and gain entry to restricted areas where only authorized personnel should be permitted. The design relies on the exclusive authority of residential unit owners to grant access; however, the failure in implementing proper safeguards means that this critical barrier can be compromised.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-16778-Intercom-DTMF-Injection
Created by breaktoprotect

References

https://github.com/breaktoprotect/CVE-2017-16778-Intercom...

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2019
🟡
Public PoC available
Dec 20, 2019
👾
Exploit known to exist
Dec 20, 2019
Vulnerability Reserved
Nov 10, 2017

CVE-2017-16778 Data

JSON