1. Vulnerability Overview
Akuvox has identified two security vulnerabilities (CVE-2024-58336 and CVE-2024-58337) affecting certain smart intercom products. Attackers may exploit these vulnerabilities to obtain live video streams without authentication, or escalate privileges to gain access to device management features.
CVE-2024-58336:
Unauthorized Video Stream Disclosure. Due to insufficient validation on the video request interface over certain ports (e.g., port 8080), a remote attacker can obtain the live camera feed by sending specially crafted requests without any authentication.
CVE-2024-58337:
Improper Access Control. Attackers with basic "User" privileges can modify API access settings and system configurations, gaining elevated privileges and administrative control.
2. Affected Products
The following product models and firmware versions are impacted. Users are strongly advised to take immediate security measures.
| No. | Product Name | Affected Version | Fix Released On | Recommended Version / Mitigation |
| --- | --- | --- | --- | --- |
| 1 | S539 | Versions prior to 539.30.10.216 | 2024-10-08 | Upgrade to 539.30.10.216 or later |
| 2 | S532 | Versions prior to 532.30.10.243 | 2025-03-12 | Upgrade to 532.30.10.243 or later |
| 3 | X916 | Versions prior to 916.30.10.210 | 2024-10-12 | Upgrade to 916.30.10.210 or later |
| 4 | X915 | Versions prior to 915.30.10.158 | 2024-09-30 | Upgrade to 915.30.10.158 or later |
| 5 | X915v2 | Versions prior to 2915.30.10.214 | 2024-10-09 | Upgrade to 2915.30.10.214 or later |
| 6 | X912 | Versions prior to 912.30.11.65 | 2025-04-03 | Upgrade to 912.30.11.65 or later |
| 7 | R20K-2 | Versions prior to 320.30.10.240 | 2024-12-26 | Upgrade to 320.30.10.240 or later |
| 8 | R20A-2 | Versions prior to 320.30.10.240 | 2024-12-26 | Upgrade to 320.30.10.240 or later |
| 9 | E18 | Versions prior to 18.30.10.247 | 2025-10-20 | Upgrade to 18.30.10.247 or later |
| 10 | R25 | Versions prior to 25.30.10.5 | 2024-09-11 | Upgrade to 25.30.10.5 or later |
3. Mitigation and Recommendations
To reduce security risks, Akuvox recommends the following measures:
Firmware Upgrade:
Immediately check all affected devices, contact our technical support at techsupport@akuvox.com to obtain the upgrade, and install the latest fixed firmware listed in the table above.
Network Isolation:
Before applying the firmware update, deploy affected intercom devices in a protected, isolated VLAN. Do not expose them to the public internet and restrict cross-segment access to nonessential ports such as 8080.
Account Security:
Review current user permissions, disable unnecessary "User" accounts, and enforce strong password policies.
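The first mitigation step, checking every device against the affected-version table, is easy to get wrong when firmware strings are compared as plain text (for example, "539.30.10.9" sorts after "539.30.10.216" as a string but is older). The following script is an added example, not Akuvox tooling: it carries the fixed-version table from this advisory, compares firmware strings numerically, and flags each inventory entry that needs an upgrade. The inventory, hostnames and firmware values in `SAMPLE_INVENTORY` are constructed sample data, and the `C315` entry is a made-up model used only to show how an unlisted product is handled.

```python
"""Inventory check against the fixed-version table in the Akuvox advisory.

Added example, not Akuvox's own tooling. FIXED_VERSIONS is copied from the
advisory table; everything in SAMPLE_INVENTORY is constructed test data.
"""
from typing import Dict, List, Tuple

# Fixed firmware per model, as listed in the advisory ("Upgrade to X or later").
FIXED_VERSIONS: Dict[str, str] = {
    "S539": "539.30.10.216",
    "S532": "532.30.10.243",
    "X916": "916.30.10.210",
    "X915": "915.30.10.158",
    "X915v2": "2915.30.10.214",
    "X912": "912.30.11.65",
    "R20K-2": "320.30.10.240",
    "R20A-2": "320.30.10.240",
    "E18": "18.30.10.247",
    "R25": "25.30.10.5",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted firmware string such as '539.30.10.216' into a tuple of ints.

    Numeric comparison matters: '539.30.10.9' must sort below '539.30.10.216',
    which a plain string comparison gets wrong.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(model: str, version: str) -> bool:
    """True if the model is in the advisory and runs firmware below the fixed version."""
    fixed = FIXED_VERSIONS.get(model)
    if fixed is None:
        return False  # model not covered by this advisory
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the devices needing action, each with the target version from the advisory.

    Each inventory entry is {"host": ..., "model": ..., "firmware": ...}.
    Models not in the advisory are skipped. A listed model whose firmware string
    cannot be parsed is reported as 'review' rather than silently dropped, so a
    bad inventory record cannot hide an affected device.
    """
    findings: List[Dict[str, str]] = []
    for dev in inventory:
        model, fw = dev["model"], dev["firmware"]
        if model not in FIXED_VERSIONS:
            continue
        try:
            affected = is_affected(model, fw)
        except ValueError:
            findings.append({**dev, "status": "review", "target": FIXED_VERSIONS[model]})
            continue
        if affected:
            findings.append({**dev, "status": "upgrade", "target": FIXED_VERSIONS[model]})
    return findings


# Constructed sample inventory (hostnames, firmware values and the C315 model are made up).
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "door-lobby", "model": "S539", "firmware": "539.30.10.9"},      # older: upgrade
    {"host": "door-garage", "model": "S539", "firmware": "539.30.10.216"},   # exactly fixed
    {"host": "gate-main", "model": "X915v2", "firmware": "2915.30.10.200"},  # older: upgrade
    {"host": "gate-side", "model": "R20K-2", "firmware": "320.30.10.240"},   # exactly fixed
    {"host": "unit-12", "model": "E18", "firmware": "unknown"},              # unparsable: review
    {"host": "phone-01", "model": "C315", "firmware": "1.2.3"},              # not in advisory
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']:12} {f['model']:8} {f['firmware']:16} -> {f['status']} (target {f['target']})")
```

Feed it the model and firmware fields exported from your device inventory; anything reported as `upgrade` falls under the Firmware Upgrade step above and should stay in the isolated VLAN until it is updated, and anything reported as `review` needs its firmware string verified by hand.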
4. Vulnerability Source
These vulnerabilities were discovered and reported by the external security research team LiquidWorm (Gjoko Krstic) of Zero Science Lab. Akuvox extends appreciation to researchers who contribute to improving product security.
5. Contact Information
If you identify potential security risks or require technical assistance, please contact us via:
Akuvox reserves the final right to modify and interpret this advisory.