Search criteria
6 vulnerabilities found for nc-2_firmware by akuvox
CVE-2024-58337 (GCVE-0-2024-58337)
Vulnerability from nvd – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
VLAI?
Title
Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:24:35.516682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:38:57.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:00:19.517Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5862)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/182870/"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2024110042"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
}
],
"title": "Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58337",
"datePublished": "2025-12-30T22:41:44.989Z",
"dateReserved": "2025-12-26T17:10:59.894Z",
"dateUpdated": "2026-01-16T19:00:19.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58336 (GCVE-0-2024-58336)
Vulnerability from nvd – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
VLAI?
Title
Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
Summary
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58336",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:24:46.167763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:39:05.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:00:19.275Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5826)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/180262/"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
}
],
"title": "Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58336",
"datePublished": "2025-12-30T22:41:44.569Z",
"dateReserved": "2025-12-26T17:10:59.893Z",
"dateUpdated": "2026-01-16T19:00:19.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2024-58337
Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| akuvox | s539_firmware | 912.30.1.137 | |
| akuvox | s539 | - | |
| akuvox | s532_firmware | 912.30.1.137 | |
| akuvox | s532 | - | |
| akuvox | x916_firmware | 912.30.1.137 | |
| akuvox | x916 | - | |
| akuvox | x915_firmware | 912.30.1.137 | |
| akuvox | x915 | - | |
| akuvox | x912_firmware | 912.30.1.137 | |
| akuvox | x912 | - | |
| akuvox | r29_firmware | 912.30.1.137 | |
| akuvox | r29 | - | |
| akuvox | e16c_firmware | 912.30.1.137 | |
| akuvox | e16c | - | |
| akuvox | r20k-2_firmware | 912.30.1.137 | |
| akuvox | r20k-2 | - | |
| akuvox | r20a-2_firmware | 912.30.1.137 | |
| akuvox | r20a-2 | - | |
| akuvox | c313w-2_firmware | 912.30.1.137 | |
| akuvox | c313w-2 | - | |
| akuvox | ns-2_firmware | 912.30.1.137 | |
| akuvox | ns-2 | - | |
| akuvox | nc-2_firmware | 912.30.1.137 | |
| akuvox | nc-2 | - | |
| akuvox | nx-2_firmware | 912.30.1.137 | |
| akuvox | nx-2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93FB44-0535-41BC-BF4C-2D8F0C3FE85D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "675AF904-EEDF-4BED-A22E-A1861DD9914F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAC3868-AEFE-4D6A-9B46-E5D1C2EB71D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3746E-8A88-4859-B1AC-2EED52F5BAD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FBA49A-8092-4FCD-88CC-94112DEE5B60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAFEA0C-F8CF-4F1D-8088-6F964806C6EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1757ADA6-F7AB-4D45-96BC-FE57026AB657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AF26BB-C4BC-4545-92B8-3B9B95764476",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F86BCBD1-CF43-48EC-8C4B-AB979E5E8768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB133A3-D540-4F2F-8B13-1E22C5E0E3AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0006AED3-ED18-47A4-B958-04CBFFC25499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*",
"matchCriteriaId": "938BF758-03AE-41C3-9C96-57046116D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD71B95-BE12-44E3-94C0-58B7535375CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D923673D-2EA6-494F-A490-86653B90A5C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "352066CD-300D-4374-900F-A5ED571F7FA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57AA1254-009A-454E-B5E7-9624D5342360",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1264C5AE-658F-4403-AEFC-D173713DD42A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D81E42E-BF72-4D3E-BF5C-3ACFE0D8B89C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9C0606-EFDE-4C00-9EE8-4E08957A3309",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCB3FB9-ECA5-45CF-B87B-64784EF01327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAE1054-9DFB-41CC-BDA0-EA20FB02AE3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "860C90D8-61DD-4692-8793-2A9AFC91CFBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "92992790-5B86-41D1-BB19-09705C5FBEDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07F48379-47CE-498A-A930-009A8FE752ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "DA09C720-D7A0-4966-81AC-DA279B69B5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9FB0D-D5A7-455A-8C79-88A1C4889037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
}
],
"id": "CVE-2024-58337",
"lastModified": "2026-01-16T19:16:15.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "disclosure@vulncheck.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-12-30T23:15:49.060",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2024110042"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/182870/"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-58336
Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| akuvox | s539_firmware | 912.30.1.137 | |
| akuvox | s539 | - | |
| akuvox | s532_firmware | 912.30.1.137 | |
| akuvox | s532 | - | |
| akuvox | x916_firmware | 912.30.1.137 | |
| akuvox | x916 | - | |
| akuvox | x915_firmware | 912.30.1.137 | |
| akuvox | x915 | - | |
| akuvox | x912_firmware | 912.30.1.137 | |
| akuvox | x912 | - | |
| akuvox | r29_firmware | 912.30.1.137 | |
| akuvox | r29 | - | |
| akuvox | r20k-2_firmware | 912.30.1.137 | |
| akuvox | r20k-2 | - | |
| akuvox | r20a-2_firmware | 912.30.1.137 | |
| akuvox | r20a-2 | - | |
| akuvox | c313w-2_firmware | 912.30.1.137 | |
| akuvox | c313w-2 | - | |
| akuvox | ns-2_firmware | 912.30.1.137 | |
| akuvox | ns-2 | - | |
| akuvox | nc-2_firmware | 912.30.1.137 | |
| akuvox | nc-2 | - | |
| akuvox | nx-2_firmware | 912.30.1.137 | |
| akuvox | nx-2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93FB44-0535-41BC-BF4C-2D8F0C3FE85D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "675AF904-EEDF-4BED-A22E-A1861DD9914F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAC3868-AEFE-4D6A-9B46-E5D1C2EB71D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3746E-8A88-4859-B1AC-2EED52F5BAD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FBA49A-8092-4FCD-88CC-94112DEE5B60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAFEA0C-F8CF-4F1D-8088-6F964806C6EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1757ADA6-F7AB-4D45-96BC-FE57026AB657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AF26BB-C4BC-4545-92B8-3B9B95764476",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F86BCBD1-CF43-48EC-8C4B-AB979E5E8768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB133A3-D540-4F2F-8B13-1E22C5E0E3AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0006AED3-ED18-47A4-B958-04CBFFC25499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*",
"matchCriteriaId": "938BF758-03AE-41C3-9C96-57046116D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "352066CD-300D-4374-900F-A5ED571F7FA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57AA1254-009A-454E-B5E7-9624D5342360",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1264C5AE-658F-4403-AEFC-D173713DD42A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D81E42E-BF72-4D3E-BF5C-3ACFE0D8B89C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9C0606-EFDE-4C00-9EE8-4E08957A3309",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCB3FB9-ECA5-45CF-B87B-64784EF01327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAE1054-9DFB-41CC-BDA0-EA20FB02AE3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "860C90D8-61DD-4692-8793-2A9AFC91CFBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "92992790-5B86-41D1-BB19-09705C5FBEDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07F48379-47CE-498A-A930-009A8FE752ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "DA09C720-D7A0-4966-81AC-DA279B69B5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9FB0D-D5A7-455A-8C79-88A1C4889037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
}
],
"id": "CVE-2024-58336",
"lastModified": "2026-01-16T19:16:15.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "disclosure@vulncheck.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-12-30T23:15:48.880",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/180262/"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
CVE-2024-58337 (GCVE-0-2024-58337)
Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
VLAI?
Title
Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:24:35.516682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:38:57.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:00:19.517Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5862)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/182870/"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2024110042"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
}
],
"title": "Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58337",
"datePublished": "2025-12-30T22:41:44.989Z",
"dateReserved": "2025-12-26T17:10:59.894Z",
"dateUpdated": "2026-01-16T19:00:19.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58336 (GCVE-0-2024-58336)
Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-16 19:00
VLAI?
Title
Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
Summary
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone |
Affected:
S539
Affected: S532 Affected: X916 Affected: X915 Affected: X912 |
|||||||
|
|||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58336",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:24:46.167763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:39:05.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Akuvox Smart Doorphone",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "S539"
},
{
"status": "affected",
"version": "S532"
},
{
"status": "affected",
"version": "X916"
},
{
"status": "affected",
"version": "X915"
},
{
"status": "affected",
"version": "X912"
}
]
},
{
"product": "Akuvox Smart Intercom",
"vendor": "The Akuvox Company",
"versions": [
{
"status": "affected",
"version": "R20K-2"
},
{
"status": "affected",
"version": "R20A-2"
},
{
"status": "affected",
"version": "C313W-2"
},
{
"status": "affected",
"version": "NS-2"
},
{
"status": "affected",
"version": "NC-2"
},
{
"status": "affected",
"version": "NX-2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2024-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:00:19.275Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2024-5826)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/180262/"
},
{
"name": "VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
}
],
"title": "Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58336",
"datePublished": "2025-12-30T22:41:44.569Z",
"dateReserved": "2025-12-26T17:10:59.893Z",
"dateUpdated": "2026-01-16T19:00:19.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}