CVE-2024-39220: n/a
CVE-2024-39220 is a medium severity vulnerability affecting multiple BAS-IP intercom and access control devices before firmware version 3. 9. 2. Authenticated attackers can exploit this flaw by sending crafted GET requests to retrieve SIP account passwords stored on the devices. The vulnerability impacts confidentiality and integrity but does not affect availability. Exploitation requires prior authentication but no user interaction. This could lead to unauthorized access to SIP accounts, enabling interception or manipulation of VoIP communications. No known exploits are currently reported in the wild. Organizations using affected BAS-IP devices should prioritize firmware updates and restrict access to device management interfaces to mitigate risk.
AI Analysis
Technical Summary
CVE-2024-39220 is a vulnerability identified in a wide range of BAS-IP intercom and access control devices, including models AV-01D through BA-12MD and CR-02BD, among others, all before firmware version 3.9.2. The flaw allows an authenticated attacker to extract SIP account passwords by issuing a specially crafted HTTP GET request to the device. SIP (Session Initiation Protocol) credentials are critical for managing VoIP communications, and their compromise can lead to unauthorized call interception, call manipulation, or impersonation. The vulnerability stems from improper protection of sensitive credential data within the device’s web interface or API, classified under CWE-256 (Plaintext Storage of a Password). The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and requiring high privileges (authenticated user). The vulnerability does not require user interaction and does not impact device availability but compromises confidentiality and integrity of SIP credentials. No public exploits have been reported yet, but the broad range of affected devices and the critical nature of SIP credentials make this a significant concern for organizations relying on BAS-IP systems for secure communications.
Potential Impact
The primary impact of CVE-2024-39220 is the compromise of SIP account credentials, which can lead to unauthorized access to VoIP communication channels. Attackers with these credentials could intercept calls, eavesdrop on sensitive conversations, or impersonate legitimate users to conduct fraudulent communications. This undermines both confidentiality and integrity of communications within organizations. While the vulnerability does not affect device availability, the exposure of SIP credentials can have cascading effects on operational security, especially in environments where BAS-IP devices are integrated into critical access control and communication infrastructure. Organizations in sectors such as corporate offices, residential complexes, healthcare, and government facilities that use these devices could face increased risks of espionage, fraud, or disruption of secure communications. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially if credential management or network segmentation is weak.
Mitigation Recommendations
To mitigate CVE-2024-39220, organizations should immediately upgrade all affected BAS-IP devices to firmware version 3.9.2 or later, where the vulnerability is patched. In addition, restrict access to device management interfaces to trusted networks and users only, employing network segmentation and firewall rules to limit exposure. Enforce strong authentication mechanisms and regularly rotate administrative credentials to reduce the risk of unauthorized access. Monitor device logs for unusual GET requests or access patterns indicative of exploitation attempts. Disable or restrict SIP account management features if not required, and consider implementing additional encryption or VPN tunnels for management traffic. Regularly audit and inventory BAS-IP devices to ensure all are updated and compliant with security policies. Finally, educate administrators on the risks of credential exposure and the importance of applying vendor patches promptly.
Affected Countries
United States, Germany, Russia, China, United Kingdom, France, Japan, South Korea, Italy, Canada
CVE-2024-39220: n/a
Description
CVE-2024-39220 is a medium severity vulnerability affecting multiple BAS-IP intercom and access control devices before firmware version 3. 9. 2. Authenticated attackers can exploit this flaw by sending crafted GET requests to retrieve SIP account passwords stored on the devices. The vulnerability impacts confidentiality and integrity but does not affect availability. Exploitation requires prior authentication but no user interaction. This could lead to unauthorized access to SIP accounts, enabling interception or manipulation of VoIP communications. No known exploits are currently reported in the wild. Organizations using affected BAS-IP devices should prioritize firmware updates and restrict access to device management interfaces to mitigate risk.
AI-Powered Analysis
Technical Analysis
CVE-2024-39220 is a vulnerability identified in a wide range of BAS-IP intercom and access control devices, including models AV-01D through BA-12MD and CR-02BD, among others, all before firmware version 3.9.2. The flaw allows an authenticated attacker to extract SIP account passwords by issuing a specially crafted HTTP GET request to the device. SIP (Session Initiation Protocol) credentials are critical for managing VoIP communications, and their compromise can lead to unauthorized call interception, call manipulation, or impersonation. The vulnerability stems from improper protection of sensitive credential data within the device’s web interface or API, classified under CWE-256 (Plaintext Storage of a Password). The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and requiring high privileges (authenticated user). The vulnerability does not require user interaction and does not impact device availability but compromises confidentiality and integrity of SIP credentials. No public exploits have been reported yet, but the broad range of affected devices and the critical nature of SIP credentials make this a significant concern for organizations relying on BAS-IP systems for secure communications.
Potential Impact
The primary impact of CVE-2024-39220 is the compromise of SIP account credentials, which can lead to unauthorized access to VoIP communication channels. Attackers with these credentials could intercept calls, eavesdrop on sensitive conversations, or impersonate legitimate users to conduct fraudulent communications. This undermines both confidentiality and integrity of communications within organizations. While the vulnerability does not affect device availability, the exposure of SIP credentials can have cascading effects on operational security, especially in environments where BAS-IP devices are integrated into critical access control and communication infrastructure. Organizations in sectors such as corporate offices, residential complexes, healthcare, and government facilities that use these devices could face increased risks of espionage, fraud, or disruption of secure communications. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially if credential management or network segmentation is weak.
Mitigation Recommendations
To mitigate CVE-2024-39220, organizations should immediately upgrade all affected BAS-IP devices to firmware version 3.9.2 or later, where the vulnerability is patched. In addition, restrict access to device management interfaces to trusted networks and users only, employing network segmentation and firewall rules to limit exposure. Enforce strong authentication mechanisms and regularly rotate administrative credentials to reduce the risk of unauthorized access. Monitor device logs for unusual GET requests or access patterns indicative of exploitation attempts. Disable or restrict SIP account management features if not required, and consider implementing additional encryption or VPN tunnels for management traffic. Regularly audit and inventory BAS-IP devices to ensure all are updated and compliant with security policies. Finally, educate administrators on the risks of credential exposure and the importance of applying vendor patches promptly.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-06-21T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6c85b7ef31ef0b565d47
Added to database: 2/25/2026, 9:41:25 PM
Last enriched: 2/26/2026, 5:51:53 AM
Last updated: 2/26/2026, 11:07:12 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk
HighCVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
HighCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.