CVE-2024-39220 - Vulnerability Details - OpenCVE

BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00068.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Bas-ip Subscribe	Aa-07bd Subscribe Aa-07bdi Subscribe Av-01bd Subscribe Av-01d Subscribe Av-01ed Subscribe Av-01kd Subscribe Av-01md Subscribe Av-01mfd Subscribe Av-02d Subscribe Av-02fde Subscribe Av-02fdr Subscribe Av-02ide Subscribe Av-02idr Subscribe Av-02ipd Subscribe Av-03bd Subscribe Av-03d Subscribe Av-04afd Subscribe Av-04asd Subscribe Av-04fd Subscribe Av-04sd Subscribe Av-05fd Subscribe Av-05sd Subscribe Ba-04bd Subscribe Ba-04md Subscribe Ba-08bd Subscribe Ba-08md Subscribe Ba-12bd Subscribe Ba-12md Subscribe Cr-02bd Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bas-ip.com/bsa-000001
https://github.com/DrieVlad/BAS-IP-vulnerabilities

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-03T00:00:00

Updated: 2024-08-02T04:19:20.684Z

Reserved: 2024-06-21T00:00:00

Link: CVE-2024-39220

Vulnrichment

Updated: 2024-07-08T20:24:20.294Z

NVD

Status : Awaiting Analysis

Published: 2024-07-03T15:15:05.993

Modified: 2024-11-21T09:27:19.680

Link: CVE-2024-39220

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-256

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39220", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T04:19:20.684Z", "dateReserved": "2024-06-21T00:00:00", "datePublished": "2024-07-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T15:06:58.900724"}, "descriptions": [{"lang": "en", "value": "BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bas-ip.com/bsa-000001"}, {"url": "https://github.com/DrieVlad/BAS-IP-vulnerabilities"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-256", "lang": "en", "description": "CWE-256 Plaintext Storage of a Password"}]}], "affected": [{"vendor": "bas-ip", "product": "av-01d", "cpes": ["cpe:2.3:a:bas-ip:av-01d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01md", "cpes": ["cpe:2.3:a:bas-ip:av-01md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01mfd", "cpes": ["cpe:2.3:a:bas-ip:av-01mfd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01ed", "cpes": ["cpe:2.3:a:bas-ip:av-01ed:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01kd", "cpes": ["cpe:2.3:a:bas-ip:av-01kd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-01bd", "cpes": ["cpe:2.3:a:bas-ip:av-01bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02d", "cpes": ["cpe:2.3:a:bas-ip:av-02d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02ide", "cpes": ["cpe:2.3:a:bas-ip:av-02ide:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02idr", "cpes": ["cpe:2.3:a:bas-ip:av-02idr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02ipd", "cpes": ["cpe:2.3:a:bas-ip:av-02ipd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02fde", "cpes": ["cpe:2.3:a:bas-ip:av-02fde:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-02fdr", "cpes": ["cpe:2.3:a:bas-ip:av-02fdr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-03d", "cpes": ["cpe:2.3:a:bas-ip:av-03d:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-03bd", "cpes": ["cpe:2.3:a:bas-ip:av-03bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04afd", "cpes": ["cpe:2.3:a:bas-ip:av-04afd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04asd", "cpes": ["cpe:2.3:a:bas-ip:av-04asd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04fd", "cpes": ["cpe:2.3:a:bas-ip:av-04fd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-04sd", "cpes": ["cpe:2.3:a:bas-ip:av-04sd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-05fd", "cpes": ["cpe:2.3:a:bas-ip:av-05fd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "av-05sd", "cpes": ["cpe:2.3:a:bas-ip:av-05sd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "aa-07bd", "cpes": ["cpe:2.3:a:bas-ip:aa-07bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "aa-07bdi", "cpes": ["cpe:2.3:a:bas-ip:aa-07bdi:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-04bd", "cpes": ["cpe:2.3:a:bas-ip:ba-04bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-04md", "cpes": ["cpe:2.3:a:bas-ip:ba-04md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-08bd", "cpes": ["cpe:2.3:a:bas-ip:ba-08bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-08md", "cpes": ["cpe:2.3:a:bas-ip:ba-08md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-12bd", "cpes": ["cpe:2.3:a:bas-ip:ba-12bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "ba-12md", "cpes": ["cpe:2.3:a:bas-ip:ba-12md:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}, {"vendor": "bas-ip", "product": "cr-02bd", "cpes": ["cpe:2.3:a:bas-ip:cr-02bd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.9.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T20:16:48.281472Z", "id": "CVE-2024-39220", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T13:17:06.088Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:19:20.684Z"}, "title": "CVE Program Container", "references": [{"url": "https://bas-ip.com/bsa-000001", "tags": ["x_transferred"]}, {"url": "https://github.com/DrieVlad/BAS-IP-vulnerabilities", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-39220", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-08T20:16:48.281472Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bas-ip:av-01d:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01d", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01mfd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01mfd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01ed:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01ed", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01kd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01kd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-01bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-01bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02d:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02d", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02ide:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02ide", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02idr:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02idr", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02ipd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02ipd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02fde:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02fde", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-02fdr:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-02fdr", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-03d:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-03d", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-03bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-03bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04afd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04afd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04asd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04asd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04fd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04fd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-04sd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-04sd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-05fd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-05fd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:av-05sd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "av-05sd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:aa-07bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "aa-07bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:aa-07bdi:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "aa-07bdi", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-04bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-04bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-04md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-04md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-08bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-08bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-08md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-08md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-12bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-12bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:ba-12md:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "ba-12md", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:bas-ip:cr-02bd:*:*:*:*:*:*:*:*"], "vendor": "bas-ip", "product": "cr-02bd", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:24:20.294Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://bas-ip.com/bsa-000001"}, {"url": "https://github.com/DrieVlad/BAS-IP-vulnerabilities"}], "descriptions": [{"lang": "en", "value": "BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T15:06:58.900724"}}}, "cveMetadata": {"cveId": "CVE-2024-39220", "state": "PUBLISHED", "dateUpdated": "2024-07-09T13:17:06.088Z", "dateReserved": "2024-06-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}