Vulners
Lucene search
Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2024-58337 | 31 Dec 202517:06 | – | circl |
 | Akuvox S539 安全漏洞 | 30 Dec 202500:00 | – | cnnvd |
 | CVE-2024-58337 | 30 Dec 202522:41 | – | cve |
 | CVE-2024-58337 Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI | 30 Dec 202522:41 | – | cvelist |
 | EUVD-2024-55371 | 31 Dec 202500:31 | – | euvd |
 | CVE-2024-58337 | 30 Dec 202523:15 | – | nvd |
 | CVE-2024-58337 | 30 Dec 202523:15 | – | osv |
 | PT-2025-54257 | 30 Dec 202500:00 | – | ptsecurity |
 | CVE-2024-58337 Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI | 30 Dec 202522:41 | – | vulnrichment |
<html><body><p>Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control
Vendor: The Akuvox Company
Product web page: https://www.akuvox.com
Affected version: Doorphone:
S539
S532
X916
X915
X912
R29
Intercom:
E16C
R20K-2
R20A-2
C313W-2
NS-2
NC-2
NX-2
Firmware: 912.30.1.137
Summary: Vandal-resistant Door Phone for High-end Buildings. Offering
top-of-the-line features, Akuvox X912 is targeted at high-end residential
and commercial projects. With a compact size, it is perfect for buildings
with limited installation space.
Desc: The Akuvox Smart Intercom/Doorphone suffers from an insecure service
API access control. The vulnerability in ServicesHTTPAPI endpoint allows
users with "User" privileges to modify API access settings and configurations.
This improper access control permits privilege escalation, enabling unauthorized
access to administrative functionalities. Exploitation of this issue could
compromise system integrity and lead to unauthorized system modifications.
Tested on: lighttpd/1.4.30
EasyHttpServer
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5862
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php
25.02.2024
--
http://192.168.1.2/#/ServicesHTTPAPI
# user:user
</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Nov 2024 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.14.3
CVSS 48.7
EPSS0.00035
SSVC