Cyber Posture

CVE-2024-12136

Medium

Published: 19 March 2025

Modified: 27 June 2025
KEV Added:
Patch:
CVSS Score: 6.9 (CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.9th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass. This issue affects ANKA JPD-00028: before V.01.01.

Security Summary

CVE-2024-12136 is a Missing Critical Step in Authentication vulnerability (CWE-304) in Elfatek Elektronics ANKA JPD-00028 that enables authentication bypass. The issue affects ANKA JPD-00028 versions prior to V.01.01 and was published on 2025-03-19.

Exploitation requires physical access (AV:P), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction (UI:N). A successful attack achieves high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) across a changed scope (S:C), resulting in an overall CVSS v3.1 base score of 6.9 (Medium).

Mitigation guidance is available in the USOM advisory at https://www.usom.gov.tr/bildirim/tr-25-0071.

Details

CWE(s)
CWE-304, NVD-CWE-Other

Affected Products

Vendor: elfatek
Product: anka jpd00028 firmware
Versions: all versions

MITRE ATT&CK Enterprise Techniques

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0
