CVE-2024-58336

EUVD-2024-55372
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
VulnCheckCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
akuvoxs539_firmware
912.30.1.137
akuvoxs532_firmware
912.30.1.137
akuvoxx916_firmware
912.30.1.137
akuvoxx915_firmware
912.30.1.137
akuvoxx912_firmware
912.30.1.137
akuvoxr29_firmware
912.30.1.137
akuvoxr20k-2_firmware
912.30.1.137
akuvoxr20a-2_firmware
912.30.1.137
akuvoxc313w-2_firmware
912.30.1.137
akuvoxns-2_firmware
912.30.1.137
akuvoxnc-2_firmware
912.30.1.137
akuvoxnx-2_firmware
912.30.1.137
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://packetstormsecurity.com/files/180262/
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-unauthenticated-video-stream-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php