CVE-2024-58337
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Akuvox Company | Akuvox Smart Doorphone | S539 | affected |
| The Akuvox Company | Akuvox Smart Doorphone | S532 | affected |
| The Akuvox Company | Akuvox Smart Doorphone | X916 | affected |
| The Akuvox Company | Akuvox Smart Doorphone | X915 | affected |
| The Akuvox Company | Akuvox Smart Doorphone | X912 | affected |
| The Akuvox Company | Akuvox Smart Intercom | R20K-2 | affected |
| The Akuvox Company | Akuvox Smart Intercom | R20A-2 | affected |
| The Akuvox Company | Akuvox Smart Intercom | C313W-2 | affected |
| The Akuvox Company | Akuvox Smart Intercom | NS-2 | affected |
| The Akuvox Company | Akuvox Smart Intercom | NC-2 | affected |
| The Akuvox Company | Akuvox Smart Intercom | NX-2 | affected |
Weaknesses
- CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php
- https://packetstormsecurity.com/files/182870/
- https://cxsecurity.com/issue/WLB-2024110042
- https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.