CVE-2024-39220
CVE-2024-39220 affects BAS-IP AV-, AA-, BA-, and CR-02BD products (before firmware v3.9.2). An authenticated attacker can read SIP account passwords via a crafted GET request, exposing SIP credentials (confidentiality impact high). The vulnerability is exploitable over network with low complexity...