CVE-2024-58336

Published: Dec 30, 2025Modified: Jan 16, 2026

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

Affected (12)

Products: Akuvox: S539 Firmware, S532 Firmware, X916 Firmware, X915 Firmware, X912 Firmware, R29 Firmware, R20k 2 Firmware, R20a 2 Firmware, C313w 2 Firmware, Ns 2 Firmware, Nc 2 Firmware, Nx 2 Firmware

12 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox S539 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox S539	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox S532 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox S532	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox X916 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox X916	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox X915 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox X915	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox X912 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox X912	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox R29 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox R29	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox R20k 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox R20k 2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox R20a 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox R20a 2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox C313w 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox C313w 2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox Ns 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox Ns 2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox Nc 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox Nc 2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox Nx 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox Nx 2	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://packetstormsecurity.com/files/180262/

Source: disclosure@vulncheck.com

Broken Link

https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party Advisory

Timeline

No history available yet.