FKIE_CVE-2024-58336
Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| akuvox | s539_firmware | 912.30.1.137 | |
| akuvox | s539 | - | |
| akuvox | s532_firmware | 912.30.1.137 | |
| akuvox | s532 | - | |
| akuvox | x916_firmware | 912.30.1.137 | |
| akuvox | x916 | - | |
| akuvox | x915_firmware | 912.30.1.137 | |
| akuvox | x915 | - | |
| akuvox | x912_firmware | 912.30.1.137 | |
| akuvox | x912 | - | |
| akuvox | r29_firmware | 912.30.1.137 | |
| akuvox | r29 | - | |
| akuvox | r20k-2_firmware | 912.30.1.137 | |
| akuvox | r20k-2 | - | |
| akuvox | r20a-2_firmware | 912.30.1.137 | |
| akuvox | r20a-2 | - | |
| akuvox | c313w-2_firmware | 912.30.1.137 | |
| akuvox | c313w-2 | - | |
| akuvox | ns-2_firmware | 912.30.1.137 | |
| akuvox | ns-2 | - | |
| akuvox | nc-2_firmware | 912.30.1.137 | |
| akuvox | nc-2 | - | |
| akuvox | nx-2_firmware | 912.30.1.137 | |
| akuvox | nx-2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93FB44-0535-41BC-BF4C-2D8F0C3FE85D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "675AF904-EEDF-4BED-A22E-A1861DD9914F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAC3868-AEFE-4D6A-9B46-E5D1C2EB71D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3746E-8A88-4859-B1AC-2EED52F5BAD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FBA49A-8092-4FCD-88CC-94112DEE5B60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAFEA0C-F8CF-4F1D-8088-6F964806C6EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1757ADA6-F7AB-4D45-96BC-FE57026AB657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AF26BB-C4BC-4545-92B8-3B9B95764476",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F86BCBD1-CF43-48EC-8C4B-AB979E5E8768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB133A3-D540-4F2F-8B13-1E22C5E0E3AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0006AED3-ED18-47A4-B958-04CBFFC25499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*",
"matchCriteriaId": "938BF758-03AE-41C3-9C96-57046116D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "352066CD-300D-4374-900F-A5ED571F7FA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57AA1254-009A-454E-B5E7-9624D5342360",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1264C5AE-658F-4403-AEFC-D173713DD42A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D81E42E-BF72-4D3E-BF5C-3ACFE0D8B89C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9C0606-EFDE-4C00-9EE8-4E08957A3309",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCB3FB9-ECA5-45CF-B87B-64784EF01327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAE1054-9DFB-41CC-BDA0-EA20FB02AE3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "860C90D8-61DD-4692-8793-2A9AFC91CFBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "92992790-5B86-41D1-BB19-09705C5FBEDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07F48379-47CE-498A-A930-009A8FE752ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "DA09C720-D7A0-4966-81AC-DA279B69B5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9FB0D-D5A7-455A-8C79-88A1C4889037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices."
},
{
"lang": "es",
"value": "Akuvox Smart Intercom S539 contiene una vulnerabilidad no autenticada que permite a atacantes remotos acceder a transmisiones de video en vivo solicitando el endpoint video.cgi en el puerto 8080. Los atacantes pueden recuperar datos de transmisi\u00f3n de video sin autenticaci\u00f3n accediendo directamente al endpoint especificado en dispositivos de portero autom\u00e1tico y de intercomunicaci\u00f3n Akuvox afectados."
}
],
"id": "CVE-2024-58336",
"lastModified": "2026-01-16T19:16:15.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "disclosure@vulncheck.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-12-30T23:15:48.880",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/180262/"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…