An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before 3.9.2 allows a remote attacker to obtain RTSP passwords via an HTTP GET request.
Prerequisite: administrator credentials for the web interface are required.
- Log in to the web interface
- Send an HTTP GET request to /api/v1/device/settings/rtsp
- The RTSP password is returned in cleartext in the HTTP response
![Screenshot 2024-06-20 at 00 13 47](https://private-user-images.githubusercontent.com/43147263/341183279-dd0fe40b-2dea-4976-801b-3476d564f5e5.png)
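As an added illustration (not part of the original advisory), the following Python snippet shows a defender-side check: it flags successful GET requests to the affected endpoint in web-server access logs and compares a reported firmware version against the 3.9.2 fix. The log layout and lines are constructed for the example and may not match what BAS-IP devices actually log.

```python
import re
from typing import Dict, List, Tuple

# Endpoint named in the advisory and the first fixed firmware version.
AFFECTED_ENDPOINT = "/api/v1/device/settings/rtsp"
FIXED_VERSION = (3, 9, 2)

# Constructed access-log lines in a Common-Log-Format-style layout
# (hypothetical; real devices may log differently).
SAMPLE_LOG = """\
10.0.0.5 - admin [20/Jun/2024:00:13:47 +0300] "GET /api/v1/device/settings/rtsp HTTP/1.1" 200 312
10.0.0.5 - admin [20/Jun/2024:00:13:48 +0300] "GET /api/v1/device/info HTTP/1.1" 200 151
10.0.0.9 - - [20/Jun/2024:00:14:02 +0300] "GET /api/v1/device/settings/rtsp HTTP/1.1" 401 43
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '3.9.1' into (3, 9, 1)."""
    return tuple(int(p) for p in text.strip().split("."))


def is_vulnerable_firmware(version: str) -> bool:
    """True when the firmware predates the 3.9.2 fix."""
    return parse_version(version) < FIXED_VERSION


def find_rtsp_reads(log_text: str) -> List[Dict[str, str]]:
    """Return successful (2xx) GET reads of the RTSP settings endpoint.

    A 401 is not reported: the credential gate held and no password left
    the device. A 2xx read is worth reviewing even from a legitimate admin,
    because the response carried the RTSP password in cleartext.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"].split("?")[0] != AFFECTED_ENDPOINT:
            continue
        if m["method"] == "GET" and m["status"].startswith("2"):
            hits.append({"src": m["src"], "user": m["user"], "ts": m["ts"]})
    return hits


if __name__ == "__main__":
    for hit in find_rtsp_reads(SAMPLE_LOG):
        print(f"RTSP settings read by {hit['user']} from {hit['src']} at {hit['ts']}")
```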
Update the firmware to version 3.9.2 or later. Details are on the official website: https://bas-ip.com/bsa-000001