CVE-2024-58337

Published: Dec 30, 2025Modified: Jan 16, 2026

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

Affected (13)

Products: Akuvox: S539 Firmware, S532 Firmware, X916 Firmware, X915 Firmware, X912 Firmware, R29 Firmware, E16c Firmware, R20k 2 Firmware, R20a 2 Firmware, C313w 2 Firmware, Ns 2 Firmware, Nc 2 Firmware, Nx 2 Firmware

13 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox S539 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox S539	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox S532 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox S532	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox X916 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox X916	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox X915 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox X915	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox X912 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox X912	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox R29 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox R29	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox E16c Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox E16c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox R20k 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox R20k 2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox R20a 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox R20a 2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox C313w 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox C313w 2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox Ns 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox Ns 2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox Nc 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox Nc 2	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox Nx 2 Firmware	Version 912.30.1.137

Running on/with	Platform Versions
Akuvox Nx 2	All versions

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (5)

https://cxsecurity.com/issue/WLB-2024110042

Source: disclosure@vulncheck.com

Third Party Advisory

https://packetstormsecurity.com/files/182870/

Source: disclosure@vulncheck.com

Broken Link

https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Third Party Advisory

Timeline

No history available yet.