CVE-2024-12136

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.

CVSS v3 6.9 MEDIUM

6.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.3 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-25-0071	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:elfatek:anka_jpd00028_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elfatek:anka_jpd00028:-:*:*:*:*:*:*:*

History

12 May 2025, 16:56

Type	Values Removed	Values Added
CPE		cpe:2.3:o:elfatek:anka_jpd00028_firmware:-:::::::* cpe:2.3:h:elfatek:anka_jpd00028:-:::::::*
CWE		NVD-CWE-Other
References	~~() https://www.usom.gov.tr/bildirim/tr-25-0071 -~~	() https://www.usom.gov.tr/bildirim/tr-25-0071 - Third Party Advisory
Summary		(es) La vulnerabilidad "Paso crítico faltante en la autenticación" en Elfatek Elektronics ANKA JPD-00028 permite la omisión de la autenticación. Este problema afecta a ANKA JPD-00028 hasta el 19/03/2025. NOTA: El proveedor no informó sobre la finalización del proceso de corrección dentro del plazo especificado. El CVE se actualizará cuando haya nueva información disponible.
First Time		Elfatek anka Jpd00028 Firmware Elfatek Elfatek anka Jpd00028

19 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 09:15

Updated : 2025-05-12 16:56

NVD link : CVE-2024-12136

Mitre link : CVE-2024-12136

CVE.ORG link : CVE-2024-12136

JSON object : View

Products Affected

elfatek

anka_jpd00028
anka_jpd00028_firmware

CWE

CWE-304

Missing Critical Step in Authentication

NVD-CWE-Other

{"id": "CVE-2024-12136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-03-19T09:15:12.710", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0071", "tags": ["Third Party Advisory"], "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-304"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025.\n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available."}, {"lang": "es", "value": "La vulnerabilidad \"Paso cr\u00edtico faltante en la autenticaci\u00f3n\" en Elfatek Elektronics ANKA JPD-00028 permite la omisi\u00f3n de la autenticaci\u00f3n. Este problema afecta a ANKA JPD-00028 hasta el 19/03/2025. NOTA: El proveedor no inform\u00f3 sobre la finalizaci\u00f3n del proceso de correcci\u00f3n dentro del plazo especificado. El CVE se actualizar\u00e1 cuando haya nueva informaci\u00f3n disponible."}], "lastModified": "2025-05-12T16:56:35.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elfatek:anka_jpd00028_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "620BD444-D3FE-45F3-8143-14336AD95A4B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elfatek:anka_jpd00028:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A15FD163-81A4-4DB2-AEB1-2489129CF7EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "iletisim@usom.gov.tr"}