Home

Description

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

PUBLISHED Reserved 2025-12-26 | Published 2025-12-30 | Updated 2025-12-30 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authentication for Critical Function

Product status

S539
affected

S532
affected

X916
affected

X915
affected

X912
affected

R20K-2
affected

R20A-2
affected

C313W-2
affected

NS-2
affected

NC-2
affected

NX-2
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php (Zero Science Lab Disclosure (ZSL-2024-5826)) third-party-advisory

packetstormsecurity.com/files/180262/ (Packet Storm Security Exploit Entry) exploit

www.vulncheck.com/...unauthenticated-video-stream-disclosure (VulnCheck Advisory: Akuvox Smart Intercom S539 Unauthenticated Video Stream Disclosure) third-party-advisory

cve.org (CVE-2024-58336)

nvd.nist.gov (CVE-2024-58336)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.