CVE-2017-16778

Name of the Vulnerable Software and Affected Versions Fermax Outdoor Panel (affected versions not specified)

Description An access control weakness in the DTMF tone receiver allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant, enabling unauthorized physical access to a restricted floor or level. Normally, only a residential unit owner can allow such access. However, due to incorrect access control, an attacker can inject the tone via the speaker unit to gain access. This can be achieved by injecting a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.