CVE-2024-58336
Unauthenticated Video Stream Access in Akuvox Smart Intercom S
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| akuvox | s539 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Akuvox Smart Intercom S539 devices, where an unauthenticated remote attacker can access live video streams by directly requesting the video.cgi endpoint on port 8080. This means attackers do not need to authenticate to retrieve video stream data from affected doorphone and intercom devices.
How can this vulnerability impact me? :
The vulnerability allows unauthorized remote attackers to access live video streams without authentication, potentially leading to privacy breaches, unauthorized surveillance, and exposure of sensitive video data from the affected devices.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by attempting to access the video.cgi endpoint on port 8080 of the Akuvox Smart Intercom S539 device. For example, use a command like: curl http://<device-ip>:8080/video.cgi If the device returns live video stream data without requiring authentication, it is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the device's port 8080, implementing firewall rules to block unauthorized access, and applying any available firmware updates or patches from the vendor to fix the unauthenticated access issue.