CVE-2024-58336

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-58336
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://packetstormsecurity.com/files/180262/ Broken Link
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*
History

16 Jan 2026, 19:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 5.3

13 Jan 2026, 21:31

Type Values Removed Values Added
References () https://packetstormsecurity.com/files/180262/ - () https://packetstormsecurity.com/files/180262/ - Broken Link
References () https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure - () https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure - Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php - Third Party Advisory
CPE cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*
First Time Akuvox x915 Firmware
Akuvox r29
Akuvox x916 Firmware
Akuvox r20a-2
Akuvox x916
Akuvox nx-2 Firmware
Akuvox nc-2
Akuvox r20a-2 Firmware
Akuvox s532
Akuvox nx-2
Akuvox c313w-2 Firmware
Akuvox
Akuvox s539
Akuvox r20k-2 Firmware
Akuvox ns-2
Akuvox x915
Akuvox nc-2 Firmware
Akuvox s532 Firmware
Akuvox x912 Firmware
Akuvox r20k-2
Akuvox ns-2 Firmware
Akuvox s539 Firmware
Akuvox r29 Firmware
Akuvox c313w-2
Akuvox x912

02 Jan 2026, 15:15

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php -

30 Dec 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-30 23:15

Updated : 2026-01-16 19:16

NVD link : CVE-2024-58336

Mitre link : CVE-2024-58336

CVE.ORG link : CVE-2024-58336

JSON object : View

Products Affected

akuvox

  • s532
  • x916
  • s539
  • nx-2_firmware
  • x916_firmware
  • r20a-2_firmware
  • r29
  • ns-2_firmware
  • nc-2_firmware
  • s532_firmware
  • r20k-2
  • r29_firmware
  • r20k-2_firmware
  • c313w-2_firmware
  • x915_firmware
  • ns-2
  • nx-2
  • c313w-2
  • x915
  • nc-2
  • r20a-2
  • x912_firmware
  • s539_firmware
  • x912
CWE
CWE-306

Missing Authentication for Critical Function