Cyber Resilience

CVE-2024-12013

Severity: High
Published: 13 February 2025
Modified: 15 April 2026
CVSS v3.1 score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)
EPSS score: 0.0042 (62.1st percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-12013 is a high-severity Use of Default Credentials (CWE-1392) vulnerability attributed to Nozominetworks (vendor inferred from references; see Affected Assets). Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks in the top 37.9% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2024-12013 is a CWE-1392 vulnerability classified as "Use of Default Credentials" affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server protected by default and easy-to-guess admin credentials, enabling unauthorized access to sensitive resources.

A remote attacker capable of interacting with the exposed FTP server can exploit this issue by using the default credentials to gain access. Upon successful authentication, the attacker can modify configuration files exposed by the service, including those storing password hashes or network settings. The vulnerability carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L): the service is reachable over the network, the attack complexity is low, and the integrity impact is high, with low confidentiality and availability impact.

Mitigation guidance is available in the advisory from Nozomi Networks at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013.

Vulnerability details

A CWE-1392 "Use of Default Credentials" was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1133 External Remote Services (Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Why these techniques?

Default credentials on the exposed FTP service directly enable unauthorized remote access: the attacker authenticates with a valid default account (T1078.001) over an external-facing remote service (T1133).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

The following CVEs share CWE-1392 (Use of Default Credentials) with this one: CVE-2026-26366, CVE-2025-8731, CVE-2025-10542, CVE-2025-54756, CVE-2026-7365, CVE-2025-1160, CVE-2026-44159, CVE-2025-2398, CVE-2026-27751, CVE-2026-26341.

Affected Assets

Nozominetworks (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

IA-5 Authenticator Management (prevent): Directly requires changing default authenticators prior to first use, preventing remote attackers from exploiting the FTP server's default and easy-to-guess admin credentials.

AC-2 Account Management (prevent): Ensures account management processes establish non-default credentials and disable unnecessary accounts, mitigating unauthorized access to the device's FTP service.

Secure configuration settings (prevent): Mandates enforcement of secure configuration settings, including replacement of default credentials on exposed services like the FTP server.
