Overview
A potential security issue was identified in BAS-IP outdoor panels and indoor monitors running Linux-based firmware.
If an attacker obtained direct physical access to the device’s flash memory, they could potentially extract configuration files containing sensitive data, including authentication credentials.
This issue has been classified as a medium-severity risk due to the limited feasibility of such an attack in production environments.
Risk assessment
To exploit this vulnerability, a malicious actor would need direct access to the device’s internal flash memory.
This scenario is unlikely in production environments where devices are properly installed and physically secured, but it is more plausible for devices handled outside secured installations, such as test units, demo stands, or devices in storage.
No remote exploitation vectors are known.
Risk mitigation
We recommend updating all affected devices to the latest patched firmware version.
The new firmware implements improved encryption and protection of configuration data stored in the device’s memory.
Updating the firmware fully mitigates the described vulnerability.
Affected models and patched firmware
This issue affects all BAS-IP outdoor panels and indoor monitors running Linux-based firmware.
The vulnerability has been patched starting from the following firmware versions:
| Device type | Affected platform | Patched firmware version |
|---|---|---|
| Outdoor panels | Linux-based | v3.12.0 |
| Indoor monitors | Linux-based | v1.22.0 |
Patched firmware versions
Firmware v3.12.0 for panels and v1.22.0 for monitors — and all subsequent releases — contain security fixes preventing unauthorized extraction of configuration data from flash memory.