CVE-2024-37654
📋 TL;DR
This vulnerability in BAS-IP video intercom devices allows remote attackers to obtain sensitive information via crafted HTTP GET requests. It affects multiple BAS-IP models running firmware versions before 3.9.2. Attackers can potentially access device credentials, configuration data, or other sensitive information without authentication.
💻 Affected Systems
- BAS-IP AV-01D
- AV-01MD
- AV-01MFD
- AV-01ED
- AV-01KD
- AV-01BD
- AV-01KBD
- AV-02D
- AV-02IDE
- AV-02IDR
- AV-02IPD
- AV-02FDE
- AV-02FDR
- AV-03D
- AV-03BD
- AV-04AFD
- AV-04ASD
- AV-04FD
- AV-04SD
- AV-05FD
- AV-05SD
- AA-07BD
- AA-07BDI
- BA-04BD
- BA-04MD
- BA-08BD
- BA-08MD
- BA-12BD
- BA-12MD
- CR-02BD
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials, gain full control of video intercom systems, access live video feeds, manipulate door access controls, and pivot to internal networks.
Likely Case
Attackers extract device configuration data, user credentials, or network information that could facilitate further attacks or reconnaissance.
If Mitigated
With proper network segmentation and access controls, impact is limited to the specific device with no lateral movement.
🎯 Exploit Status
Exploitation requires only HTTP GET requests, making it trivial for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.9.2
Vendor Advisory: https://github.com/DrieVlad/BAS-IP-vulnerabilities
Restart Required: Yes
Instructions:
1. Download firmware version 3.9.2 from the BAS-IP vendor portal.
2. Access the device web interface.
3. Navigate to System > Firmware Update.
4. Upload the firmware file.
5. Confirm the update and wait for the automatic reboot.
🔧 Temporary Workarounds
Network Segmentation
Isolate BAS-IP devices on a separate VLAN with strict firewall rules blocking external access.
Access Control Lists
Implement IP-based restrictions to allow only authorized management stations to access device web interfaces.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate BAS-IP devices from the internet and internal networks
- Deploy web application firewall (WAF) rules to block suspicious HTTP GET patterns targeting these devices
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface at System > Information. If version is below 3.9.2, device is vulnerable.
Check Version:
curl -s http://device-ip/system/info | grep -i version
Verify Fix Applied:
After updating, verify that the firmware version shows 3.9.2 or higher on the System > Information page.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP GET requests to device web interfaces
- Multiple failed authentication attempts followed by information disclosure requests
Network Indicators:
- HTTP traffic to BAS-IP devices with unusual query parameters or paths
- External IP addresses accessing internal BAS-IP devices
SIEM Query:
source="bas-ip-device" AND (http_method="GET" AND (uri_path CONTAINS "/system/" OR uri_path CONTAINS "/config/"))
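The SIEM query above fires on every GET to /system/ or /config/, including those from legitimate administrators. The following added example (not code from the vendor or the advisory) combines it with the management-station allowlist and the response status to rank hits. The device addresses, allowlist range, log layout and the /config/example path are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed for this example (not from the advisory): addresses, allowlist, log layout.
BAS_IP_DEVICES = {"10.20.0.11", "10.20.0.12"}
MGMT_STATIONS = ipaddress.ip_network("10.10.5.0/28")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
WATCHED_PREFIXES = ("/system/", "/config/")  # paths named in the page's SIEM query

LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

# Constructed sample lines in the assumed layout (proxy or firewall HTTP log).
SAMPLE_LOG = """\
2024-06-01T08:00:01Z src=10.10.5.3 dst=10.20.0.11 "GET /system/info HTTP/1.1" 200
2024-06-01T08:02:17Z src=203.0.113.7 dst=10.20.0.11 "GET /system/info HTTP/1.1" 200
2024-06-01T08:02:19Z src=203.0.113.7 dst=10.20.0.11 "GET /config/example?x=1 HTTP/1.1" 200
2024-06-01T08:05:40Z src=10.30.4.9 dst=10.20.0.12 "GET /index.html HTTP/1.1" 200
2024-06-01T08:06:02Z src=10.30.4.9 dst=10.20.0.12 "GET /config/example HTTP/1.1" 401
2024-06-01T08:07:00Z src=10.30.4.9 dst=10.40.0.5 "GET /system/info HTTP/1.1" 200
"""

def triage(log_text):
    """Return (timestamp, source, device, path, severity) for GETs from non-allowlisted sources."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET" or m["dst"] not in BAS_IP_DEVICES:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source field, not a usable record
        if src in MGMT_STATIONS:
            continue  # authorized management station
        path = m["uri"].split("?", 1)[0].lower()  # drop query string before matching
        watched = path.startswith(WATCHED_PREFIXES)
        served = m["status"].startswith("2")
        if watched and served:
            severity = "high"  # watched path answered for an unauthorized source
        else:
            severity = "medium" if watched or src not in INTERNAL_NET else "low"
        findings.append((m["ts"], str(src), m["dst"], path, severity))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A "high" finding against a device still running firmware below 3.9.2 is the case to escalate first.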