CVE-2024-58336 is a vulnerability found in several Akuvox Smart Doorphone models (S539, S532, X916, X915, X912) that allows unauthenticated remote attackers to access live video streams. The vulnerability arises because the video.cgi endpoint on port 8080 does not enforce any authentication checks, enabling attackers to directly request and retrieve video stream data without credentials. This represents a critical failure in access control for a security-sensitive function. The vulnerability has a CVSS 4.0 score of 8.7, reflecting its high severity due to network attack vector, no required privileges, no user interaction, and a high impact on confidentiality. The exposure of live video streams compromises privacy and security, potentially allowing attackers to surveil premises undetected. No patches or mitigations have been officially released yet, and no exploits have been observed in the wild, but the vulnerability’s simplicity and severity make it a prime target for exploitation. The affected devices are commonly used in smart building environments for intercom and access control, increasing the risk to physical security and privacy. The lack of authentication on a critical function like video streaming is a significant design flaw that requires urgent remediation.

For European organizations, this vulnerability poses a significant risk to privacy, physical security, and operational integrity. Unauthorized access to live video streams can lead to surveillance of sensitive areas, exposing personnel, assets, and confidential activities. This could facilitate targeted physical attacks, espionage, or unauthorized entry. Organizations in sectors such as government, finance, healthcare, and critical infrastructure that rely on Akuvox devices for secure access control are particularly vulnerable. The breach of video confidentiality may also result in regulatory non-compliance under GDPR, leading to legal and financial penalties. Additionally, the exposure of live feeds could undermine trust in security systems and necessitate costly incident response and remediation efforts. The ease of exploitation without authentication or user interaction increases the likelihood of attacks, especially in environments where these devices are accessible from untrusted networks or poorly segmented internal networks.

1. Immediately restrict network access to Akuvox devices by implementing strict firewall rules and network segmentation, ensuring that only authorized management systems can communicate with port 8080. 2. Disable remote access to the video.cgi endpoint if possible until a patch is available. 3. Monitor network traffic for unusual or unauthorized requests to the video.cgi endpoint and establish alerts for suspicious activity. 4. Conduct an inventory of all Akuvox devices in use and assess exposure to untrusted networks. 5. Engage with Akuvox or authorized vendors to obtain patches or firmware updates as soon as they are released. 6. Consider deploying additional security controls such as VPNs or zero-trust network access for device management interfaces. 7. Review and enhance physical security policies to compensate for potential video surveillance gaps. 8. Educate security teams about this vulnerability and incorporate it into incident response plans. 9. Evaluate alternative secure intercom solutions if remediation is delayed or infeasible. 10. Ensure compliance with data protection regulations by documenting risk assessments and mitigation efforts related to this vulnerability.