cbcvebase.
CVE-2024-58336
published 2025-12-30

CVE-2024-58336: Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi…

PriorityP237medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.35%
26.8th percentile
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

Affected

23 ranges
VendorProductVersion rangeFixed in
akuvoxc313w-2_firmware
akuvoxnc-2_firmware
akuvoxns-2_firmware
akuvoxnx-2_firmware
akuvoxr20a-2_firmware
akuvoxr20k-2_firmware
akuvoxr29_firmware
akuvoxs532_firmware
akuvoxs539_firmware
akuvoxx912_firmware
akuvoxx915_firmware
akuvoxx916_firmware
the_akuvox_companyakuvox_smart_doorphone
the_akuvox_companyakuvox_smart_doorphone
the_akuvox_companyakuvox_smart_doorphone
the_akuvox_companyakuvox_smart_doorphone
the_akuvox_companyakuvox_smart_doorphone
the_akuvox_companyakuvox_smart_intercom
the_akuvox_companyakuvox_smart_intercom
the_akuvox_companyakuvox_smart_intercom
the_akuvox_companyakuvox_smart_intercom
the_akuvox_companyakuvox_smart_intercom
the_akuvox_companyakuvox_smart_intercom

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.