CVE-2024-58336

Summary

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

Affected Software

VendorProductVersion RangeStatus
The Akuvox CompanyAkuvox Smart DoorphoneS539affected
The Akuvox CompanyAkuvox Smart DoorphoneS532affected
The Akuvox CompanyAkuvox Smart DoorphoneX916affected
The Akuvox CompanyAkuvox Smart DoorphoneX915affected
The Akuvox CompanyAkuvox Smart DoorphoneX912affected
The Akuvox CompanyAkuvox Smart IntercomR20K-2affected
The Akuvox CompanyAkuvox Smart IntercomR20A-2affected
The Akuvox CompanyAkuvox Smart IntercomC313W-2affected
The Akuvox CompanyAkuvox Smart IntercomNS-2affected
The Akuvox CompanyAkuvox Smart IntercomNC-2affected
The Akuvox CompanyAkuvox Smart IntercomNX-2affected

Weaknesses

  • CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References