CVE-2024-12013
Published: 13 February 2025
Summary
CVE-2024-12013 is a high-severity Use of Default Credentials (CWE-1392) vulnerability in Nozominetworks (inferred from references). Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks in the top 37.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2024-12013 is a CWE-1392 vulnerability classified as "Use of Default Credentials" affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server whose admin account uses default, easy-to-guess credentials, allowing unauthorized access to sensitive resources.
A remote attacker able to reach the exposed FTP server can exploit this issue simply by authenticating with the default credentials. Once authenticated, the attacker can modify configuration files exposed by the service, including those storing password hashes or network settings. The vulnerability carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L): network reachable, low attack complexity, low privileges required, with a high integrity impact and low confidentiality and availability impacts.
Mitigation guidance is available in the advisory from Nozomi Networks at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50535
Vulnerability details
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Default credentials on the exposed FTP service directly enable unauthorized remote access through valid (default) accounts and external remote services.
Mitigating Controls (NIST 800-53 r5)
- IA-5 (Authenticator Management): directly requires changing default authenticators prior to first use, preventing remote attackers from exploiting the FTP server's default and easy-to-guess admin credentials.
- AC-2 (Account Management): ensures account management processes establish non-default credentials and disable unnecessary accounts, mitigating unauthorized access to the device's FTP service.
- Configuration settings enforcement: mandates secure configuration settings, including replacement of default credentials on exposed services such as the FTP server.