{"id":122103,"date":"2024-05-15T14:56:42","date_gmt":"2024-05-15T14:56:42","guid":{"rendered":"https:\/\/bas-ip.com\/?page_id=122103"},"modified":"2024-11-05T10:48:29","modified_gmt":"2024-11-05T10:48:29","slug":"bsa-000001","status":"publish","type":"page","link":"https:\/\/bas-ip.com\/ro\/bsa-000001\/","title":{"rendered":"BSA-000001"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"bsa-000001\">Overview<\/h2>\n\n\n\n<p>An issue has been discovered in several BAS-IP intercom devices. By accessing the device's web interface or API, an attacker can obtain the passwords for the device's RTSP server and SIP account.<\/p>\n\n\n\n<p>BAS-IP classifies these vulnerabilities as medium and recommends that customers update the affected BAS-IP models to the latest firmware version.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"risk-assessment\">Risk assessment<\/h2>\n\n\n\n<p>A potential adversary needs network access to the device to exploit the vulnerabilities. An adversary needs credentials to successfully compromise the device. The risk depends on how exposed the device is. Internet-facing devices (for example, exposed through port forwarding on the router) present a high risk. 
Products deployed in a protected local network present a lower risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"risk-mitigation\">Risk mitigation<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Updating the affected models to the latest firmware is strongly recommended.<\/li>\n\n\n\n<li>Exposing devices directly to the internet (port forwarding) is not recommended.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"affected-models-and-patched-firmware\">Affected models and patched firmware<\/h2>\n\n\n\n<p>List of affected models:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AV-01D<\/li>\n\n\n\n<li>AV-01MD<\/li>\n\n\n\n<li>AV-01MFD<\/li>\n\n\n\n<li>AV-01ED<\/li>\n\n\n\n<li>AV-01KD<\/li>\n\n\n\n<li>AV-01BD<\/li>\n\n\n\n<li>AV-01KBD<\/li>\n\n\n\n<li>AV-02D<\/li>\n\n\n\n<li>AV-02IDE<\/li>\n\n\n\n<li>AV-02IDR<\/li>\n\n\n\n<li>AV-02IPD<\/li>\n\n\n\n<li>AV-02FDE<\/li>\n\n\n\n<li>AV-02FDR<\/li>\n\n\n\n<li>AV-03D<\/li>\n\n\n\n<li>AV-03BD<\/li>\n\n\n\n<li>AV-04AFD<\/li>\n\n\n\n<li>AV-04ASD<\/li>\n\n\n\n<li>AV-04FD<\/li>\n\n\n\n<li>AV-04SD<\/li>\n\n\n\n<li>AV-05FD<\/li>\n\n\n\n<li>AV-05SD<\/li>\n\n\n\n<li>AA-07BD<\/li>\n\n\n\n<li>AA-07BDI<\/li>\n\n\n\n<li>BA-04BD<\/li>\n\n\n\n<li>BA-04MD<\/li>\n\n\n\n<li>BA-08BD<\/li>\n\n\n\n<li>BA-08MD<\/li>\n\n\n\n<li>BA-12BD<\/li>\n\n\n\n<li>BA-12MD<\/li>\n\n\n\n<li>CR-02BD<\/li>\n<\/ul>\n\n\n\n<p>Patched firmware version:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>3.9.2<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Overview An issue has been discovered in several BAS-IP intercom devices. By accessing the device's web interface or API, an attacker can obtain the passwords for the device's RTSP server and SIP account. 
BAS-IP classifies these vulnerabilities as medium and recommends that customers update the affected BAS-IP models to the latest version of [&hellip;]<\/p>","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-122103","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/pages\/122103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/comments?post=122103"}],"version-history":[{"count":1,"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/pages\/122103\/revisions"}],"predecessor-version":[{"id":122104,"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/pages\/122103\/revisions\/122104"}],"wp:attachment":[{"href":"https:\/\/bas-ip.com\/ro\/wp-json\/wp\/v2\/media?parent=122103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}