CVE-2024-39220 - Vulnerability Details - OpenCVE

Description

BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request.

Published: 2024-07-03

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00068.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://bas-ip.com/bsa-000001
https://github.com/DrieVlad/BAS-IP-vulnerabilities

History

No history.

Subscriptions

Bas-ip Aa-07bd Aa-07bdi Av-01bd Av-01d Av-01ed Av-01kd Av-01md Av-01mfd Av-02d Av-02fde Av-02fdr Av-02ide Av-02idr Av-02ipd Av-03bd Av-03d Av-04afd Av-04asd Av-04fd Av-04sd Av-05fd Av-05sd Ba-04bd Ba-04md Ba-08bd Ba-08md Ba-12bd Ba-12md Cr-02bd

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-03T00:00:00.000Z

Updated: 2024-08-02T04:19:20.684Z

Reserved: 2024-06-21T00:00:00.000Z

Link: CVE-2024-39220

Vulnrichment

Updated: 2024-07-08T20:24:20.294Z

NVD

Status : Awaiting Analysis

Published: 2024-07-03T15:15:05.993

Modified: 2024-11-21T09:27:19.680

Link: CVE-2024-39220

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-256

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39220", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T04:19:20.684Z", "dateReserved": "2024-06-21T00:00:00.000Z", "datePublished": "2024-07-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T15:06:58.900Z"}, "descriptions": [{"lang": "en", "value": "BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bas-ip.com/bsa-000001"}, {"url": "https://github.com/DrieVlad/BAS-IP-vulnerabilities"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-256", "lang": "en", "description": "CWE-256 Plaintext Storage of a Password"}]}], "affected": [{"vendor": "bas-ip", "product": "av-01d", "cpes": ["cpe:2.3:a:bas-ip:av-01d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01md", "cpes": ["cpe:2.3:a:bas-ip:av-01md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01mfd", "cpes": ["cpe:2.3:a:bas-ip:av-01mfd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01ed", "cpes": ["cpe:2.3:a:bas-ip:av-01ed:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01kd", "cpes": ["cpe:2.3:a:bas-ip:av-01kd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01bd", "cpes": ["cpe:2.3:a:bas-ip:av-01bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02d", "cpes": ["cpe:2.3:a:bas-ip:av-02d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02ide", "cpes": ["cpe:2.3:a:bas-ip:av-02ide:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02idr", "cpes": ["cpe:2.3:a:bas-ip:av-02idr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02ipd", "cpes": ["cpe:2.3:a:bas-ip:av-02ipd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02fde", "cpes": ["cpe:2.3:a:bas-ip:av-02fde:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02fdr", "cpes": ["cpe:2.3:a:bas-ip:av-02fdr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-03d", "cpes": ["cpe:2.3:a:bas-ip:av-03d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-03bd", "cpes": ["cpe:2.3:a:bas-ip:av-03bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04afd", "cpes": ["cpe:2.3:a:bas-ip:av-04afd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04asd", "cpes": ["cpe:2.3:a:bas-ip:av-04asd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04fd", "cpes": ["cpe:2.3:a:bas-ip:av-04fd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04sd", "cpes": ["cpe:2.3:a:bas-ip:av-04sd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-05fd", "cpes": ["cpe:2.3:a:bas-ip:av-05fd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-05sd", "cpes": ["cpe:2.3:a:bas-ip:av-05sd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "aa-07bd", "cpes": ["cpe:2.3:a:bas-ip:aa-07bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "aa-07bdi", "cpes": ["cpe:2.3:a:bas-ip:aa-07bdi:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-04bd", "cpes": ["cpe:2.3:a:bas-ip:ba-04bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-04md", "cpes": ["cpe:2.3:a:bas-ip:ba-04md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-08bd", "cpes": ["cpe:2.3:a:bas-ip:ba-08bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-08md", "cpes": ["cpe:2.3:a:bas-ip:ba-08md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-12bd", "cpes": ["cpe:2.3:a:bas-ip:ba-12bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-12md", "cpes": ["cpe:2.3:a:bas-ip:ba-12md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "cr-02bd", "cpes": ["cpe:2.3:a:bas-ip:cr-02bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T20:16:48.281472Z", "id": "CVE-2024-39220", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T13:17:06.088Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:19:20.684Z"}, "title": "CVE Program Container", "references": [{"url": "https://bas-ip.com/bsa-000001", "tags": ["x_transferred"]}, {"url": "https://github.com/DrieVlad/BAS-IP-vulnerabilities", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-39220", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-08T20:16:48.281472Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bas-ip:av-01d:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01d", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01mfd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01mfd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01ed:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01ed", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01kd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01kd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02d:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02d", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02ide:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02ide", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02idr:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02idr", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02ipd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02ipd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02fde:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02fde", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02fdr:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02fdr", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-03d:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-03d", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-03bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-03bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04afd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04afd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04asd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04asd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04fd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04fd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04sd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04sd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-05fd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-05fd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-05sd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-05sd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:aa-07bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "aa-07bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:aa-07bdi:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "aa-07bdi", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-04bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-04bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-04md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-04md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-08bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-08bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-08md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-08md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-12bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-12bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-12md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-12md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:cr-02bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "cr-02bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:24:20.294Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bas-ip.com/bsa-000001"}, {"url": "https://github.com/DrieVlad/BAS-IP-vulnerabilities"}], "descriptions": [{"lang": "en", "value": "BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T15:06:58.900724"}}}, "cveMetadata": {"cveId": "CVE-2024-39220", "state": "PUBLISHED", "dateUpdated": "2024-07-09T13:17:06.088Z", "dateReserved": "2024-06-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}