CVE-2024-12011
First published: Thu Feb 13 2025(Updated: )
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.
Credit: prodsec@nozominetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TCP/IP Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-12011?
CVE-2024-12011 is classified as a medium severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2024-12011?
To fix CVE-2024-12011, update the firmware of the 130.8005 TCP/IP Gateway to the latest version that addresses this vulnerability.
Who is affected by CVE-2024-12011?
CVE-2024-12011 affects the 130.8005 TCP/IP Gateway running firmware version 12h.
What kind of attack does CVE-2024-12011 enable?
CVE-2024-12011 enables a remote unauthenticated attacker to exploit the vulnerability to leak sensitive information.
What is a buffer over-read in the context of CVE-2024-12011?
In the context of CVE-2024-12011, a buffer over-read occurs when the attacker accesses memory beyond the intended bounds, leading to potential information leakage.
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/source
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/unknown
- canonical/tcp/ip gateway