CVE-2024-58337

Summary

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

Affected Software

VendorProductVersion RangeStatus
The Akuvox CompanyAkuvox Smart DoorphoneS539affected
The Akuvox CompanyAkuvox Smart DoorphoneS532affected
The Akuvox CompanyAkuvox Smart DoorphoneX916affected
The Akuvox CompanyAkuvox Smart DoorphoneX915affected
The Akuvox CompanyAkuvox Smart DoorphoneX912affected
The Akuvox CompanyAkuvox Smart IntercomR20K-2affected
The Akuvox CompanyAkuvox Smart IntercomR20A-2affected
The Akuvox CompanyAkuvox Smart IntercomC313W-2affected
The Akuvox CompanyAkuvox Smart IntercomNS-2affected
The Akuvox CompanyAkuvox Smart IntercomNC-2affected
The Akuvox CompanyAkuvox Smart IntercomNX-2affected

Weaknesses

  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References