CVE-2024-12011

Published: Feb 13, 2025Modified: Feb 13, 2025

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Exploitability: 2.8 / Impact: 4.7

Source: prodsec@nozominetworks.com (Secondary)

Description

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.

Related CWEs

CWE-126

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References (1)

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011

Source: prodsec@nozominetworks.com

Timeline

No history available yet.