Overview

A problem has been discovered in several BAS-IP intercom devices. By accessing the device’s web interface or API, an attacker can obtain passwords for the device’s RTSP server and SIP account.

BAS-IP classifies these vulnerabilities as medium and recommends that customers upgrade affected BAS-IP models to the latest firmware version.

Risk assessment

A potential adversary needs network access to the device in order to exploit the vulnerabilities. An adversary requires credentials to successfully compromise the device. The risk depends on how exposed the device is. Internet-facing devices (e.g. exposed via router port-forward) are at high risk. Products deployed on a protected local network are at lower risk.

Risk mitigation

  • It is strongly recommended to upgrade affected models to the latest firmware.
  • It is not recommended to expose devices directly to the Internet (port-forwarding).

Affected models and patched firmware

Affected models list:

  • AV-01D
  • AV-01MD
  • AV-01MFD
  • AV-01ED
  • AV-01KD
  • AV-01BD
  • AV-01KBD
  • AV-02D
  • AV-02IDE
  • AV-02IDR
  • AV-02IPD
  • AV-02FDE
  • AV-02FDR
  • AV-03D
  • AV-03BD
  • AV-04AFD
  • AV-04ASD
  • AV-04FD
  • AV-04SD
  • AV-05FD
  • AV-05SD
  • AA-07BD
  • AA-07BDI
  • BA-04BD
  • BA-04MD
  • BA-08BD
  • BA-08MD
  • BA-12BD
  • BA-12MD
  • CR-02BD

Patched firmware version:

  • 3.9.2
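
One way to check a device inventory against the model list and patched version above, added here as an example and not taken from BAS-IP. The CSV columns, host names and sample rows are constructed, and treating every version below 3.9.2 on an affected model as unpatched is an assumption.

```python
import csv
import io

# Affected models and patched version, copied from the advisory above.
AFFECTED = set("""AV-01D AV-01MD AV-01MFD AV-01ED AV-01KD AV-01BD AV-01KBD AV-02D
AV-02IDE AV-02IDR AV-02IPD AV-02FDE AV-02FDR AV-03D AV-03BD AV-04AFD AV-04ASD
AV-04FD AV-04SD AV-05FD AV-05SD AA-07BD AA-07BDI BA-04BD BA-04MD BA-08BD BA-08MD
BA-12BD BA-12MD CR-02BD""".split())
PATCHED = (3, 9, 2)

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware, internet_facing):
    """Assumption: any version below 3.9.2 on an affected model is unpatched."""
    if model.strip().upper() not in AFFECTED:
        return "not-affected"
    version = parse_version(firmware)
    if version is None:
        return "review"  # unreadable version string: check the device by hand
    # Pad so "3.9" compares as 3.9.0. Tuples compare numerically, so 3.10.0 > 3.9.2
    # (a plain string comparison would get that case wrong).
    version += (0,) * (len(PATCHED) - len(version))
    if version >= PATCHED:
        return "patched"
    return "upgrade-urgent" if internet_facing else "upgrade"

def audit(inventory_csv):
    """Map each host in the CSV text to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"], r["internet_facing"] == "yes")
            for r in rows}

# Constructed sample inventory: hosts, versions and exposure flags are made up,
# and XX-99 is a made-up model that is not on the affected list.
SAMPLE = """host,model,firmware,internet_facing
door-lobby,AV-03BD,3.8.0,yes
door-garage,av-01kd,3.9.1,no
door-roof,BA-12MD,3.10.0,no
door-side,CR-02BD,3.9.2,yes
door-lab,AA-07BDI,unknown,no
panel-hall,XX-99,1.0.0,yes
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:12} {status}")
```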