Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure

Akuvox Smart Intercom/Doorphone Unauthenticated Stream DisclosureVendor: The Akuvox CompanyProduct web page: https://www.akuvox.comAffected version: Doorphone:                    S539                    S532                    X916                    X915                    X912                    R29                  Intercom:                    R20K-2                    R20A-2                    C313W-2                    NS-2                    NC-2                    NX-2                  Firmware: 912.30.1.137Summary: Vandal-resistant Door Phone for High-end Buildings. Offeringtop-of-the-line features, Akuvox X912 is targeted at high-end residentialand commercial projects. With a compact size, it is perfect for buildingswith limited installation space.Desc: The application suffers from an unauthenticated live stream disclosurewhen requesting video.cgi endpoint on port 8080.Tested on: lighttpd/1.4.30           EasyHttpServerVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5826Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5826.php25.02.2024--$ firefox http://192.168.1.2:8080/video.cgi