CVE-2024-58337 - Vulnerability Details

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Akuvox	C313w-2 C313w-2 Firmware E16c E16c Firmware Nc-2 Nc-2 Firmware Ns-2 Ns-2 Firmware Nx-2 Nx-2 Firmware R20a-2 R20a-2 Firmware R20k-2 R20k-2 Firmware R29 R29 Firmware S532 S532 Firmware S539 S539 Firmware Smart Doorphone Smart Intercom X912 X912 Firmware X915 X915 Firmware X916 X916 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*

cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cxsecurity.com/issue/WLB-2024110042
https://packetstormsecurity.com/files/182870/
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php

History

Tue, 13 Jan 2026 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Akuvox c313w-2 Akuvox c313w-2 Firmware Akuvox e16c Akuvox e16c Firmware Akuvox nc-2 Akuvox nc-2 Firmware Akuvox ns-2 Akuvox ns-2 Firmware Akuvox nx-2 Akuvox nx-2 Firmware Akuvox r20a-2 Akuvox r20a-2 Firmware Akuvox r20k-2 Akuvox r20k-2 Firmware Akuvox r29 Akuvox r29 Firmware Akuvox s532 Akuvox s532 Firmware Akuvox s539 Akuvox s539 Firmware Akuvox x912 Akuvox x912 Firmware Akuvox x915 Akuvox x915 Firmware Akuvox x916 Akuvox x916 Firmware
CPEs		cpe:2.3:h:akuvox:c313w-2:-:::::::* cpe:2.3:h:akuvox:e16c:-:::::::* cpe:2.3:h:akuvox:nc-2:-:::::::* cpe:2.3:h:akuvox:ns-2:-:::::::* cpe:2.3:h:akuvox:nx-2:-:::::::* cpe:2.3:h:akuvox:r20a-2:-:::::::* cpe:2.3:h:akuvox:r20k-2:-:::::::* cpe:2.3:h:akuvox:r29:-:::::::* cpe:2.3:h:akuvox:s532:-:::::::* cpe:2.3:h:akuvox:s539:-:::::::* cpe:2.3:h:akuvox:x912:-:::::::* cpe:2.3:h:akuvox:x915:-:::::::* cpe:2.3:h:akuvox:x916:-:::::::* cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:::::::* cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:::::::*
Vendors & Products		Akuvox c313w-2 Akuvox c313w-2 Firmware Akuvox e16c Akuvox e16c Firmware Akuvox nc-2 Akuvox nc-2 Firmware Akuvox ns-2 Akuvox ns-2 Firmware Akuvox nx-2 Akuvox nx-2 Firmware Akuvox r20a-2 Akuvox r20a-2 Firmware Akuvox r20k-2 Akuvox r20k-2 Firmware Akuvox r29 Akuvox r29 Firmware Akuvox s532 Akuvox s532 Firmware Akuvox s539 Akuvox s539 Firmware Akuvox x912 Akuvox x912 Firmware Akuvox x915 Akuvox x915 Firmware Akuvox x916 Akuvox x916 Firmware

Mon, 05 Jan 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Akuvox Akuvox smart Doorphone Akuvox smart Intercom
Vendors & Products		Akuvox Akuvox smart Doorphone Akuvox smart Intercom

Fri, 02 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 30 Dec 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description		Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
Title		Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
Weaknesses		CWE-862
References		https://cxsecurity.com/issue/WLB-2024110042 https://packetstormsecurity.com/files/182870/ https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-30T22:41:44.989Z

Updated: 2026-01-02T14:38:57.652Z

Reserved: 2025-12-26T17:10:59.894Z

Link: CVE-2024-58337

Vulnrichment

Updated: 2026-01-02T14:24:39.962Z

NVD

Status : Analyzed

Published: 2025-12-30T23:15:49.060

Modified: 2026-01-13T21:26:30.400

Link: CVE-2024-58337

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object