CVE-2024-58336 - Vulnerability Details

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00134.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Akuvox Subscribe	C313w-2 Subscribe C313w-2 Firmware Subscribe Nc-2 Subscribe Nc-2 Firmware Subscribe Ns-2 Subscribe Ns-2 Firmware Subscribe Nx-2 Subscribe Nx-2 Firmware Subscribe R20a-2 Subscribe R20a-2 Firmware Subscribe R20k-2 Subscribe R20k-2 Firmware Subscribe R29 Subscribe R29 Firmware Subscribe S532 Subscribe S532 Firmware Subscribe S539 Subscribe S539 Firmware Subscribe Smart Doorphone Subscribe Smart Intercom Subscribe X912 Subscribe X912 Firmware Subscribe X915 Subscribe X915 Firmware Subscribe X916 Subscribe X916 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Akuvox Subscribe	Smart Doorphone Subscribe Smart Intercom Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://packetstormsecurity.com/files/180262/
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php

History

Fri, 16 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Tue, 13 Jan 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Akuvox c313w-2 Akuvox c313w-2 Firmware Akuvox nc-2 Akuvox nc-2 Firmware Akuvox ns-2 Akuvox ns-2 Firmware Akuvox nx-2 Akuvox nx-2 Firmware Akuvox r20a-2 Akuvox r20a-2 Firmware Akuvox r20k-2 Akuvox r20k-2 Firmware Akuvox r29 Akuvox r29 Firmware Akuvox s532 Akuvox s532 Firmware Akuvox s539 Akuvox s539 Firmware Akuvox x912 Akuvox x912 Firmware Akuvox x915 Akuvox x915 Firmware Akuvox x916 Akuvox x916 Firmware
CPEs		cpe:2.3:h:akuvox:c313w-2:-:::::::* cpe:2.3:h:akuvox:nc-2:-:::::::* cpe:2.3:h:akuvox:ns-2:-:::::::* cpe:2.3:h:akuvox:nx-2:-:::::::* cpe:2.3:h:akuvox:r20a-2:-:::::::* cpe:2.3:h:akuvox:r20k-2:-:::::::* cpe:2.3:h:akuvox:r29:-:::::::* cpe:2.3:h:akuvox:s532:-:::::::* cpe:2.3:h:akuvox:s539:-:::::::* cpe:2.3:h:akuvox:x912:-:::::::* cpe:2.3:h:akuvox:x915:-:::::::* cpe:2.3:h:akuvox:x916:-:::::::* cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:::::::*
Vendors & Products		Akuvox c313w-2 Akuvox c313w-2 Firmware Akuvox nc-2 Akuvox nc-2 Firmware Akuvox ns-2 Akuvox ns-2 Firmware Akuvox nx-2 Akuvox nx-2 Firmware Akuvox r20a-2 Akuvox r20a-2 Firmware Akuvox r20k-2 Akuvox r20k-2 Firmware Akuvox r29 Akuvox r29 Firmware Akuvox s532 Akuvox s532 Firmware Akuvox s539 Akuvox s539 Firmware Akuvox x912 Akuvox x912 Firmware Akuvox x915 Akuvox x915 Firmware Akuvox x916 Akuvox x916 Firmware

Mon, 05 Jan 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Akuvox Akuvox smart Doorphone Akuvox smart Intercom
Vendors & Products		Akuvox Akuvox smart Doorphone Akuvox smart Intercom

Fri, 02 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 30 Dec 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description		Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
Title		Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure
Weaknesses		CWE-306
References		https://packetstormsecurity.com/files/180262/ https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-30T22:41:44.569Z

Updated: 2026-01-16T19:00:19.275Z

Reserved: 2025-12-26T17:10:59.893Z

Link: CVE-2024-58336

Vulnrichment

Updated: 2026-01-02T14:24:49.360Z

NVD

Status : Modified

Published: 2025-12-30T23:15:48.880

Modified: 2026-01-16T19:16:15.663

Link: CVE-2024-58336

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-05T10:19:20Z

Weaknesses

CWE-306

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object