{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12011", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2024-12-02T10:29:12.318Z", "datePublished": "2025-02-13T15:59:23.264Z", "dateUpdated": "2025-02-13T16:54:02.337Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "130.8005", "vendor": "Zettler", "versions": [{"status": "affected", "version": "12h", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."}], "value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-02-13T16:10:33.618Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-13T16:53:53.590868Z", "id": "CVE-2024-12011", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T16:54:02.337Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12011", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2024-12-02T10:29:12.318Z", "datePublished": "2025-02-13T15:59:23.264Z", "dateUpdated": "2025-02-13T16:54:02.337Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "130.8005", "vendor": "Zettler", "versions": [{"status": "affected", "version": "12h", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."}], "value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-02-13T16:10:33.618Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12011", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-13T16:53:53.590868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T16:53:57.376Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad CWE-126 de \u201csobrelectura de b\u00fafer\u201d que afectaba a la puerta de enlace TCP/IP 130.8005 con la versi\u00f3n de firmware 12h. La divulgaci\u00f3n de informaci\u00f3n se puede desencadenar aprovechando una fuga de memoria que afecta al servidor web. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para filtrar tokens de autenticaci\u00f3n v\u00e1lidos de la memoria de proceso asociada a los usuarios que est\u00e1n conectados actualmente al sistema y eludir el mecanismo de autenticaci\u00f3n."}], "id": "CVE-2024-12011", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2025-02-13T16:15:43.750", "references": [{"source": "prodsec@nozominetworks.com", "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}

{}

{}