CVE-2024-58337
MEDIUMAkuvox Smart Intercom S539 - Missing Authorization in API Access Settings
Title source: llmDescription
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php
Broken Link exploit
https://packetstormsecurity.com/files/182870/
Third Party Advisory third-party-advisory
https://cxsecurity.com/issue/WLB-2024110042
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
11.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (13)
akuvox/c313w-2_firmware
912.30.1.137
akuvox/e16c_firmware
912.30.1.137
akuvox/nc-2_firmware
912.30.1.137
akuvox/ns-2_firmware
912.30.1.137
akuvox/nx-2_firmware
912.30.1.137
akuvox/r20a-2_firmware
912.30.1.137
akuvox/r20k-2_firmware
912.30.1.137
akuvox/r29_firmware
912.30.1.137
akuvox/s532_firmware
912.30.1.137
akuvox/s539_firmware
912.30.1.137
... and 3 more
Published
Dec 30, 2025
Tracked Since
Feb 18, 2026