CVE-2024-12137

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12137
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01.

7.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0071
https://www.usom.gov.tr/bildirim/tr-25-0071
Configurations

No configuration.

History

01 Jun 2026, 15:16

Type Values Removed Values Added
References
  • () https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0071 -
Summary (en) Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01. (en) Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01.

27 Jun 2025, 12:15

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de omisión de autenticación por captura y repetición en Elfatek Elektronics ANKA JPD-00028 permite el secuestro de sesión. Este problema afecta a ANKA JPD-00028 hasta el 19/03/2025. NOTA: El proveedor no informó sobre la finalización del proceso de corrección dentro del plazo especificado. El CVE se actualizará cuando haya nueva información disponible.
Summary (en) Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. (en) Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01.

19 Mar 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-19 09:15

Updated : 2026-06-01 15:16

NVD link : CVE-2024-12137

Mitre link : CVE-2024-12137

CVE.ORG link : CVE-2024-12137

JSON object : View

Products Affected

No product.

CWE
CWE-294

Authentication Bypass by Capture-replay