CVE-2024-58336

5.3 MEDIUM

📋 TL;DR

Akuvox Smart Intercom S539 devices expose their live video stream to unauthenticated remote attackers: anyone who can reach the device can fetch the stream by directly requesting the video.cgi endpoint on port 8080, with no credentials required. This affects Akuvox doorphone and intercom devices and can expose private video feeds to unauthorized individuals.

💻 Affected Systems

Products:
  • Akuvox Smart Intercom S539
Versions: All versions prior to patch (specific version information not provided in references)
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the video.cgi endpoint accessible on port 8080. May affect other Akuvox intercom models with similar configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of privacy: attackers can monitor all video feeds from vulnerable devices, potentially capturing sensitive activities, personal information, or security footage.

🟠 Likely Case

Unauthorized surveillance of entry points, letting attackers observe who enters and exits the premises, which can support social engineering or physical security bypass.

🟢 If Mitigated

Exposure is limited to hosts on the internal network, so only personnel inside the network perimeter can reach the stream.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly accessed by any remote attacker without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems can still access video streams, but only with network access to the device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to video.cgi endpoint on port 8080. No authentication or special tools required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

Check Akuvox official website for firmware updates. Apply latest firmware if available. If no patch exists, implement workarounds.

🔧 Temporary Workarounds

Network Access Control

Platform: Linux

Restrict access to port 8080 on affected devices using firewall rules. The intercom itself typically offers no shell, so these rules are applied on a Linux firewall or gateway in the path to the device:

iptables -A INPUT -p tcp --dport 8080 -j DROP
ufw deny 8080

Note that the INPUT chain and a plain ufw deny only protect the host they run on; to filter traffic forwarded to the intercom, add the equivalent rule in the FORWARD chain (or with ufw route deny) on the gateway.

Network Segmentation

Platform: All

Place intercom devices on an isolated VLAN separate from sensitive networks.

🧯 If You Can't Patch

  • Block port 8080 at network perimeter using firewall rules
  • Disable remote access features if not required
  • Monitor network traffic to port 8080 for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[device_ip]:8080/video.cgi from an unauthenticated session (for example, a browser with no stored credentials for the device). If the video stream loads without authentication, the device is vulnerable.

Check Version:

Check the device web interface or console for firmware version information.

Verify Fix Applied:

After implementing controls, verify that http://[device_ip]:8080/video.cgi returns an authentication error or is unreachable from the network positions you intended to block.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /video.cgi without authentication
  • Multiple failed authentication attempts followed by successful video.cgi access

Network Indicators:

  • Unusual traffic to port 8080 from external IPs
  • Video stream data being transmitted to unauthorized destinations

SIEM Query:

source_ip=* AND dest_port=8080 AND uri_path="/video.cgi" AND auth_result="failed"

Because the vulnerable access itself succeeds without credentials, also alert on successful (HTTP 200) responses to /video.cgi where no credentials were presented, and treat external source addresses as higher priority.
