CVE-2024-58337 HIGH

CVE-2024-58337: Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI

Vendor The Akuvox Company
Product Akuvox Smart Doorphone
Weakness CWE-862 · Missing authorization
Published December 30, 2025
Last update January 16, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities.

Key dates

02Disclosure timeline

December 30, 2025 CVE published
January 16, 2026 Record updated

Related vulnerabilities

04Related CVE