PT-2024-28395 · Bas Ip · Bas-Ip Cr-02Bd
Drievlad
·
Published
2024-07-03
·
Updated
2024-07-09
·
CVE-2024-39220
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
BAS-IP CR-02BD versions prior to firmware v3.9.2
Description
The issue allows authenticated attackers to read SIP account passwords via a crafted GET request.
Recommendations
For BAS-IP CR-02BD versions prior to firmware v3.9.2, update to firmware version v3.9.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bas-Ip Cr-02Bd