CVE-2024-58337

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-58337
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://cxsecurity.com/issue/WLB-2024110042 Third Party Advisory
https://packetstormsecurity.com/files/182870/ Broken Link
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*
History

16 Jan 2026, 19:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 4.3

13 Jan 2026, 21:26

Type Values Removed Values Added
First Time Akuvox x915 Firmware
Akuvox e16c
Akuvox r29
Akuvox x916 Firmware
Akuvox r20a-2
Akuvox x916
Akuvox nx-2 Firmware
Akuvox nc-2
Akuvox r20a-2 Firmware
Akuvox s532
Akuvox nx-2
Akuvox c313w-2 Firmware
Akuvox
Akuvox s539
Akuvox r20k-2 Firmware
Akuvox ns-2
Akuvox e16c Firmware
Akuvox x915
Akuvox nc-2 Firmware
Akuvox s532 Firmware
Akuvox x912 Firmware
Akuvox r20k-2
Akuvox ns-2 Firmware
Akuvox s539 Firmware
Akuvox r29 Firmware
Akuvox c313w-2
Akuvox x912
References () https://cxsecurity.com/issue/WLB-2024110042 - () https://cxsecurity.com/issue/WLB-2024110042 - Third Party Advisory
References () https://packetstormsecurity.com/files/182870/ - () https://packetstormsecurity.com/files/182870/ - Broken Link
References () https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi - () https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi - Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php - Third Party Advisory
CPE cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*

02 Jan 2026, 15:15

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php -

30 Dec 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-30 23:15

Updated : 2026-01-16 19:16

NVD link : CVE-2024-58337

Mitre link : CVE-2024-58337

CVE.ORG link : CVE-2024-58337

JSON object : View

Products Affected

akuvox

  • s532
  • x916
  • s539
  • nx-2_firmware
  • x916_firmware
  • r20a-2_firmware
  • r29
  • ns-2_firmware
  • nc-2_firmware
  • e16c
  • e16c_firmware
  • s532_firmware
  • r20k-2
  • r29_firmware
  • r20k-2_firmware
  • c313w-2_firmware
  • x915_firmware
  • ns-2
  • nx-2
  • c313w-2
  • x915
  • nc-2
  • r20a-2
  • x912_firmware
  • s539_firmware
  • x912
CWE
CWE-862

Missing Authorization