Skip to content

DrieVlad/BAS-IP-vulnerabilities

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 

Repository files navigation

BAS-IP-vulnerabilities

CVE-2024-37654

An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before 3.9.2 allows a remote attacker to obtain RTSP passwords via HTTP GET request.

Exploitation

Web interface administrator credentials required.

  1. Access the web interface
  2. Execute an HTTP GET request to /api/v1/device/settings/rtsp
  3. Find the cleartext password in the received HTTP response
Снимок экрана 2024-06-20 в 00 13 47

CVE-2024-39220

An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before 3.9.2 allows a remote attacker to to read SIP account passwords via a crafted GET request.

Exploitation

Web interface administrator credentials required.

  1. Access the web interface

  2. Execute an HTTP GET request to /api/v1/device/sip/settings

  3. Find the cleartext password in the received HTTP response

Снимок экрана 2024-07-03 в 00 34 08

Remediation

Update firmware to version 3.9.2 or later. Details on the official website. https://bas-ip.com/bsa-000001

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published