Akuvox Smart Intercom S539
Moderate fix1 remedy
Moderate fix1 remedy
- S539
- S532
- X916
- X915
- X912
- R29
- R20K-2
- R20A-2
- C313W-2
- NS-2
- NC-2
- NX-2
- 912.30.1.137
Akuvox Smart Intercom and Doorphone Unauthenticated Video Stream Disclosure Vulnerability
Vulnerability
Patched
A vulnerability allowing unauthenticated access to live video streams has been identified in several Akuvox Smart Intercom and Doorphone models. By requesting the video.cgi endpoint on port 8080, remote attackers can retrieve video stream data without authentication. This issue affects multiple versions of the Akuvox S539, S532, X916, X915, X912, R29 doorphones, as well as the R20K-2, R20A-2, C313W-2, NS-2, NC-2, and NX-2 intercoms, all running firmware through 912.30.1.137.
Impact
Exploitation of this vulnerability leads to unauthorized access to live video streams from the affected devices.
Reproduction
The vulnerability can be reproduced by sending a request to the video.cgi endpoint on port 8080 of an affected Akuvox device. This can be done using a web browser or a tool like curl, without the need for authentication.
Remediation
Akuvox has released a patch for this vulnerability in version 915.30.10.146. Users are advised to update to this version.
Added: Dec 30, 2025, 11:23 PM
Updated: Dec 30, 2025, 11:23 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
8.7remediation
0.0relevance
1.6threat
6.4urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.