Cyber Resilience

CVE-2024-12011

High

Published: 13 February 2025

Published
13 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
EPSS Score 0.0021 43.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12011 is a high-severity Buffer Over-read (CWE-126) vulnerability in Nozominetworks (inferred from references). Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-12011 is a CWE-126 Buffer Over-read vulnerability affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The flaw manifests as a memory leak in the web server, enabling information disclosure of sensitive data from process memory.

A remote unauthenticated attacker can exploit this vulnerability to leak valid authentication tokens associated with users currently logged into the system, allowing them to bypass the authentication mechanism. The CVSS v3.1 base score is 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L), reflecting network-based exploitation with low attack complexity that requires user interaction, resulting in high confidentiality impact alongside low integrity and availability impacts.

Mitigation details are available in the Nozomi Networks vulnerability advisory at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011.

EU & UK References

Vulnerability details

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order…

more

to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated buffer over-read in public-facing web server directly enables exploitation of the application for initial access and credential theft via leaked auth tokens.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24028Shared CWE-126
CVE-2026-34059Shared CWE-126
CVE-2025-21427Shared CWE-126
CVE-2024-49838Shared CWE-126
CVE-2025-21277Shared CWE-126
CVE-2024-49839Shared CWE-126
CVE-2026-41898Shared CWE-126
CVE-2025-12106Shared CWE-126
CVE-2026-37532Shared CWE-126
CVE-2026-25646Shared CWE-126

Affected Assets

Nozominetworks
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements security safeguards to protect system memory from unauthorized reads, directly mitigating the buffer over-read and memory leak in the web server process.

prevent

Requires timely identification, reporting, and remediation of flaws such as this specific buffer over-read vulnerability through firmware updates.

prevent

Validates and restricts inputs to the web server to prevent crafted requests that trigger the memory leak and authentication token disclosure.

References