CVE-2024-39220

EUVD-2024-37870
BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
bas-ipav-01d
𝑥
< 3.9.2
ADP
bas-ipav-01md
𝑥
< 3.9.2
ADP
bas-ipav-01mfd
𝑥
< 3.9.2
ADP
bas-ipav-01ed
𝑥
< 3.9.2
ADP
bas-ipav-01kd
𝑥
< 3.9.2
ADP
bas-ipav-01bd
𝑥
< 3.9.2
ADP
bas-ipav-02d
𝑥
< 3.9.2
ADP
bas-ipav-02ide
𝑥
< 3.9.2
ADP
bas-ipav-02idr
𝑥
< 3.9.2
ADP
bas-ipav-02ipd
𝑥
< 3.9.2
ADP
bas-ipav-02fde
𝑥
< 3.9.2
ADP
bas-ipav-02fdr
𝑥
< 3.9.2
ADP
bas-ipav-03d
𝑥
< 3.9.2
ADP
bas-ipav-03bd
𝑥
< 3.9.2
ADP
bas-ipav-04afd
𝑥
< 3.9.2
ADP
bas-ipav-04asd
𝑥
< 3.9.2
ADP
bas-ipav-04fd
𝑥
< 3.9.2
ADP
bas-ipav-04sd
𝑥
< 3.9.2
ADP
bas-ipav-05fd
𝑥
< 3.9.2
ADP
bas-ipav-05sd
𝑥
< 3.9.2
ADP
bas-ipaa-07bd
𝑥
< 3.9.2
ADP
bas-ipaa-07bdi
𝑥
< 3.9.2
ADP
bas-ipba-04bd
𝑥
< 3.9.2
ADP
bas-ipba-04md
𝑥
< 3.9.2
ADP
bas-ipba-08bd
𝑥
< 3.9.2
ADP
bas-ipba-08md
𝑥
< 3.9.2
ADP
bas-ipba-12bd
𝑥
< 3.9.2
ADP
bas-ipba-12md
𝑥
< 3.9.2
ADP
bas-ipcr-02bd
𝑥
< 3.9.2
ADP
Common Weakness Enumeration
References
https://bas-ip.com/bsa-000001
https://github.com/DrieVlad/BAS-IP-vulnerabilities
https://bas-ip.com/bsa-000001
https://github.com/DrieVlad/BAS-IP-vulnerabilities