Search criteria
4 vulnerabilities found for Akuvox Smart Doorphone by The Akuvox Company
CVE-2024-58337 (GCVE-0-2024-58337)
Vulnerability from nvd – Published: 2025-12-30 22:41 – Updated: 2025-12-30 22:41
VLAI?
Title
Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T22:41:44.989Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5862)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/182870/"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2024110042"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
}
],
"title": "Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58337",
"datePublished": "2025-12-30T22:41:44.989Z",
"dateReserved": "2025-12-26T17:10:59.894Z",
"dateUpdated": "2025-12-30T22:41:44.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58336 (GCVE-0-2024-58336)
Vulnerability from nvd – Published: 2025-12-30 22:41 – Updated: 2025-12-30 22:41
VLAI?
Title
Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
Summary
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T22:41:44.569Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5826)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/180262/"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
}
],
"title": "Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58336",
"datePublished": "2025-12-30T22:41:44.569Z",
"dateReserved": "2025-12-26T17:10:59.893Z",
"dateUpdated": "2025-12-30T22:41:44.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58336 (GCVE-0-2024-58336)
Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2025-12-30 22:41
VLAI?
Title
Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
Summary
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T22:41:44.569Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5826)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/180262/"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
}
],
"title": "Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58336",
"datePublished": "2025-12-30T22:41:44.569Z",
"dateReserved": "2025-12-26T17:10:59.893Z",
"dateUpdated": "2025-12-30T22:41:44.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58337 (GCVE-0-2024-58337)
Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2025-12-30 22:41
VLAI?
Title
Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T22:41:44.989Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5862)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/182870/"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2024110042"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
}
],
"title": "Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58337",
"datePublished": "2025-12-30T22:41:44.989Z",
"dateReserved": "2025-12-26T17:10:59.894Z",
"dateUpdated": "2025-12-30T22:41:44.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}