CVE-2024-58337

EUVD-2024-55371
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
VulnCheckCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
akuvoxs539_firmware
912.30.1.137
akuvoxs532_firmware
912.30.1.137
akuvoxx916_firmware
912.30.1.137
akuvoxx915_firmware
912.30.1.137
akuvoxx912_firmware
912.30.1.137
akuvoxr29_firmware
912.30.1.137
akuvoxe16c_firmware
912.30.1.137
akuvoxr20k-2_firmware
912.30.1.137
akuvoxr20a-2_firmware
912.30.1.137
akuvoxc313w-2_firmware
912.30.1.137
akuvoxns-2_firmware
912.30.1.137
akuvoxnc-2_firmware
912.30.1.137
akuvoxnx-2_firmware
912.30.1.137
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2024110042
https://packetstormsecurity.com/files/182870/
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php