{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T06:48:01.857","vulnerabilities":[{"cve":{"id":"CVE-2024-58337","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-12-30T23:15:49.060","lastModified":"2026-01-16T19:16:15.843","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."},{"lang":"es","value":"Akuvox Smart Intercom S539 contiene una vulnerabilidad de control de acceso inadecuado que permite a los usuarios con privilegios de 'Usuario' modificar la configuraciĆ³n y los ajustes de acceso a la API. Los atacantes pueden explotar esta vulnerabilidad para escalar privilegios y obtener acceso no autorizado a funcionalidades administrativas."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"4B93FB44-0535-41BC-BF4C-2D8F0C3FE85D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*","matchCriteriaId":"675AF904-EEDF-4BED-A22E-A1861DD9914F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"0FAC3868-AEFE-4D6A-9B46-E5D1C2EB71D8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*","matchCriteriaId":"84E3746E-8A88-4859-B1AC-2EED52F5BAD2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"F0FBA49A-8092-4FCD-88CC-94112DEE5B60"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*","matchCriteriaId":"9DAFEA0C-F8CF-4F1D-8088-6F964806C6EB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"1757ADA6-F7AB-4D45-96BC-FE57026AB657"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:*","matchCriteriaId":"F2AF26BB-C4BC-4545-92B8-3B9B95764476"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"F86BCBD1-CF43-48EC-8C4B-AB979E5E8768"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB133A3-D540-4F2F-8B13-1E22C5E0E3AA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:r29_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"0006AED3-ED18-47A4-B958-04CBFFC25499"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:r29:-:*:*:*:*:*:*:*","matchCriteriaId":"938BF758-03AE-41C3-9C96-57046116D574"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:e16c_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"0CD71B95-BE12-44E3-94C0-58B7535375CB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:e16c:-:*:*:*:*:*:*:*","matchCriteriaId":"D923673D-2EA6-494F-A490-86653B90A5C6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:r20k-2_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"352066CD-300D-4374-900F-A5ED571F7FA1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:r20k-2:-:*:*:*:*:*:*:*","matchCriteriaId":"57AA1254-009A-454E-B5E7-9624D5342360"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:r20a-2_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"1264C5AE-658F-4403-AEFC-D173713DD42A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:r20a-2:-:*:*:*:*:*:*:*","matchCriteriaId":"8D81E42E-BF72-4D3E-BF5C-3ACFE0D8B89C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:c313w-2_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"7B9C0606-EFDE-4C00-9EE8-4E08957A3309"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:c313w-2:-:*:*:*:*:*:*:*","matchCriteriaId":"CFCB3FB9-ECA5-45CF-B87B-64784EF01327"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:ns-2_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"AAAE1054-9DFB-41CC-BDA0-EA20FB02AE3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:ns-2:-:*:*:*:*:*:*:*","matchCriteriaId":"860C90D8-61DD-4692-8793-2A9AFC91CFBB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:nc-2_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"92992790-5B86-41D1-BB19-09705C5FBEDD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:nc-2:-:*:*:*:*:*:*:*","matchCriteriaId":"07F48379-47CE-498A-A930-009A8FE752ED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:akuvox:nx-2_firmware:912.30.1.137:*:*:*:*:*:*:*","matchCriteriaId":"DA09C720-D7A0-4966-81AC-DA279B69B5D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:akuvox:nx-2:-:*:*:*:*:*:*:*","matchCriteriaId":"C2C9FB0D-D5A7-455A-8C79-88A1C4889037"}]}]}],"references":[{"url":"https://cxsecurity.com/issue/WLB-2024110042","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/182870/","source":"disclosure@vulncheck.com","tags":["Broken Link"]},{"url":"https://www.vulncheck.com/advisories/akuvox-smart-intercom-s-improper-access-control-via-serviceshttpapi","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}}]}