CVE-2024-12013 — HIGH (7.6)

Vulnerability Description

A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Related Weaknesses (CWE)

CWE-1392

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013

FAQ

What is CVE-2024-12013?

CVE-2024-12013 is a vulnerability with a CVSS score of 7.6 (HIGH). A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credent...

How severe is CVE-2024-12013?

CVE-2024-12013 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12013?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.