{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12013", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2024-12-02T10:29:14.254Z", "datePublished": "2025-02-13T16:03:02.948Z", "dateUpdated": "2025-02-13T16:53:17.702Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "130.8005", "vendor": "Zettler", "versions": [{"status": "affected", "version": "12h", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."}], "value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-02-13T16:03:02.948Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-13T16:53:11.220388Z", "id": "CVE-2024-12013", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T16:53:17.702Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-13T16:53:11.220388Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T16:53:14.129Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zettler", "product": "130.8005", "versions": [{"status": "affected", "version": "12h", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.", "supportingMedia": [{"type": "text/html", "value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-02-13T16:03:02.948Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12013", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:53:17.702Z", "dateReserved": "2024-12-02T10:29:14.254Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2025-02-13T16:03:02.948Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."}], "id": "CVE-2024-12013", "lastModified": "2025-02-13T16:15:44.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2025-02-13T16:15:44.050", "references": [{"source": "prodsec@nozominetworks.com", "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "prodsec@nozominetworks.com", "type": "Primary"}]}

{}