FKIE_CVE-2024-58337
Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| akuvox | s539_firmware | 912.30.1.137 | |
| akuvox | s539 | - | |
| akuvox | s532_firmware | 912.30.1.137 | |
| akuvox | s532 | - | |
| akuvox | x916_firmware | 912.30.1.137 | |
| akuvox | x916 | - | |
| akuvox | x915_firmware | 912.30.1.137 | |
| akuvox | x915 | - | |
| akuvox | x912_firmware | 912.30.1.137 | |
| akuvox | x912 | - | |
| akuvox | r29_firmware | 912.30.1.137 | |
| akuvox | r29 | - | |
| akuvox | e16c_firmware | 912.30.1.137 | |
| akuvox | e16c | - | |
| akuvox | r20k-2_firmware | 912.30.1.137 | |
| akuvox | r20k-2 | - | |
| akuvox | r20a-2_firmware | 912.30.1.137 | |
| akuvox | r20a-2 | - | |
| akuvox | c313w-2_firmware | 912.30.1.137 | |
| akuvox | c313w-2 | - | |
| akuvox | ns-2_firmware | 912.30.1.137 | |
| akuvox | ns-2 | - | |
| akuvox | nc-2_firmware | 912.30.1.137 | |
| akuvox | nc-2 | - | |
| akuvox | nx-2_firmware | 912.30.1.137 | |
| akuvox | nx-2 | - | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "4B93FB44-0535-41BC-BF4C-2D8F0C3FE85D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "675AF904-EEDF-4BED-A22E-A1861DD9914F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAC3868-AEFE-4D6A-9B46-E5D1C2EB71D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3746E-8A88-4859-B1AC-2EED52F5BAD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FBA49A-8092-4FCD-88CC-94112DEE5B60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAFEA0C-F8CF-4F1D-8088-6F964806C6EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1757ADA6-F7AB-4D45-96BC-FE57026AB657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AF26BB-C4BC-4545-92B8-3B9B95764476",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "F86BCBD1-CF43-48EC-8C4B-AB979E5E8768",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB133A3-D540-4F2F-8B13-1E22C5E0E3AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0006AED3-ED18-47A4-B958-04CBFFC25499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*",
"matchCriteriaId": "938BF758-03AE-41C3-9C96-57046116D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD71B95-BE12-44E3-94C0-58B7535375CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D923673D-2EA6-494F-A490-86653B90A5C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "352066CD-300D-4374-900F-A5ED571F7FA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57AA1254-009A-454E-B5E7-9624D5342360",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "1264C5AE-658F-4403-AEFC-D173713DD42A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D81E42E-BF72-4D3E-BF5C-3ACFE0D8B89C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9C0606-EFDE-4C00-9EE8-4E08957A3309",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCB3FB9-ECA5-45CF-B87B-64784EF01327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAE1054-9DFB-41CC-BDA0-EA20FB02AE3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "860C90D8-61DD-4692-8793-2A9AFC91CFBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "92992790-5B86-41D1-BB19-09705C5FBEDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07F48379-47CE-498A-A930-009A8FE752ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*",
"matchCriteriaId": "DA09C720-D7A0-4966-81AC-DA279B69B5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C9FB0D-D5A7-455A-8C79-88A1C4889037",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with \u0027User\u0027 privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."
},
{
"lang": "es",
"value": "Akuvox Smart Intercom S539 contiene una vulnerabilidad de control de acceso inadecuado que permite a los usuarios con privilegios de \u0027Usuario\u0027 modificar la configuraci\u00f3n y los ajustes de acceso a la API. Los atacantes pueden explotar esta vulnerabilidad para escalar privilegios y obtener acceso no autorizado a funcionalidades administrativas."
}
],
"id": "CVE-2024-58337",
"lastModified": "2026-01-16T19:16:15.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "disclosure@vulncheck.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-12-30T23:15:49.060",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2024110042"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Broken Link"
],
"url": "https://packetstormsecurity.com/files/182870/"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.