Cyber Posture

CVE-2024-12011

High

Published: 13 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)
EPSS Score: 0.0021 (43.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated with users currently logged in to the system and bypass the authentication mechanism.

Security Summary

CVE-2024-12011 is a CWE-126 Buffer Over-read vulnerability affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The flaw manifests as a memory leak in the web server, enabling information disclosure of sensitive data from process memory.

A remote unauthenticated attacker can exploit this vulnerability to leak valid authentication tokens associated with users currently logged into the system, allowing them to bypass the authentication mechanism. The CVSS v3.1 base score is 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L), reflecting network-based exploitation with low attack complexity that requires user interaction, resulting in high confidentiality impact alongside low integrity and availability impacts.

Mitigation details are available in the Nozomi Networks vulnerability advisory at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011.

Details

CWE(s): CWE-126

References