Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control

Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access ControlVendor: The Akuvox CompanyProduct web page: https://www.akuvox.comAffected version: Doorphone:                    S539                    S532                    X916                    X915                    X912                    R29                  Intercom:                    E16C                    R20K-2                    R20A-2                    C313W-2                    NS-2                    NC-2                    NX-2                  Firmware: 912.30.1.137Summary: Vandal-resistant Door Phone for High-end Buildings. Offeringtop-of-the-line features, Akuvox X912 is targeted at high-end residentialand commercial projects. With a compact size, it is perfect for buildingswith limited installation space.Desc: The Akuvox Smart Intercom/Doorphone suffers from an insecure serviceAPI access control. The vulnerability in ServicesHTTPAPI endpoint allowsusers with "User" privileges to modify API access settings and configurations.This improper access control permits privilege escalation, enabling unauthorizedaccess to administrative functionalities. Exploitation of this issue couldcompromise system integrity and lead to unauthorized system modifications.Tested on: lighttpd/1.4.30           EasyHttpServerVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5862Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5862.php25.02.2024--http://192.168.1.2/#/ServicesHTTPAPI# user:user