CVE-2024-12011

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-126
View all →

Vulnerability Description

A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.

Related Vulnerabilities

CVE-2017-7668

HIGH
CVSS:7.5(High)

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously ...

CWE-1262017

CVE-2018-8789

HIGH
CVSS:7.5(High)

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8791

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

CWE-1262018

CVE-2018-8792

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8796

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8798

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.

CWE-1262018