CVE-2024-58337

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-58337

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

A

kuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

References
Link Resource
https://cxsecurity.com/issue/WLB-2024110042 Third Party Advisory
https://packetstormsecurity.com/files/182870/ Broken Link
https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*
History

16 Jan 2026, 19:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 4.3

13 Jan 2026, 21:26

Type Values Removed Values Added
CPE cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*
cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*
First Time Akuvox e16c
Akuvox r20k-2
Akuvox r20k-2 Firmware
Akuvox x915
Akuvox r29
Akuvox ns-2
Akuvox c313w-2
Akuvox nx-2
Akuvox x915 Firmware
Akuvox s539 Firmware
Akuvox nc-2 Firmware
Akuvox c313w-2 Firmware
Akuvox r29 Firmware
Akuvox r20a-2
Akuvox x916 Firmware
Akuvox x912 Firmware
Akuvox r20a-2 Firmware
Akuvox nc-2
Akuvox s532 Firmware
Akuvox
Akuvox s539
Akuvox nx-2 Firmware
Akuvox s532
Akuvox ns-2 Firmware
Akuvox e16c Firmware
Akuvox x916
Akuvox x912
References () https://cxsecurity.com/issue/WLB-2024110042 - () https://cxsecurity.com/issue/WLB-2024110042 - Third Party Advisory
References () https://packetstormsecurity.com/files/182870/ - () https://packetstormsecurity.com/files/182870/ - Broken Link
References () https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi - () https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi - Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php - Third Party Advisory

02 Jan 2026, 15:15

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php -

30 Dec 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-30 23:15

Updated : 2026-01-16 19:16

NVD link : CVE-2024-58337

Mitre link : CVE-2024-58337

CVE.ORG link : CVE-2024-58337

JSON object : View

Products Affected

akuvox

CWE
CWE-862

Missing Authorization