CVE-2024-12011
Published: 13 February 2025
Summary
CVE-2024-12011 is a high-severity Buffer Over-read (CWE-126) vulnerability in Nozomi Networks (inferred from references). Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 43.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-12011 is a CWE-126 Buffer Over-read vulnerability affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The flaw manifests as a memory leak in the web server, enabling information disclosure of sensitive data from process memory.
A remote unauthenticated attacker can exploit this vulnerability to leak valid authentication tokens associated with users currently logged into the system, allowing them to bypass the authentication mechanism. The CVSS v3.1 base score is 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L), reflecting network-based exploitation with low attack complexity that requires user interaction, resulting in high confidentiality impact alongside low integrity and availability impacts.
Mitigation details are available in the Nozomi Networks vulnerability advisory at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50533
Vulnerability details
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote, unauthenticated buffer over-read in a public-facing web server directly enables exploitation of the application for initial access and credential theft via leaked authentication tokens.
Mitigating Controls (NIST 800-53 r5)
- Implements security safeguards to protect system memory from unauthorized reads, directly mitigating the buffer over-read and memory leak in the web server process.
- Requires timely identification, reporting, and remediation of flaws such as this specific buffer over-read vulnerability through firmware updates.
- Validates and restricts inputs to the web server to prevent crafted requests that trigger the memory leak and authentication token disclosure.