CVE-2024-12137

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-25-0071

Configurations

No configuration.

History

27 Jun 2025, 12:15

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de omisión de autenticación por captura y repetición en Elfatek Elektronics ANKA JPD-00028 permite el secuestro de sesión. Este problema afecta a ANKA JPD-00028 hasta el 19/03/2025. NOTA: El proveedor no informó sobre la finalización del proceso de corrección dentro del plazo especificado. El CVE se actualizará cuando haya nueva información disponible.
Summary	(en) Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.	(en) Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01.

19 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 09:15

Updated : 2025-06-27 12:15

NVD link : CVE-2024-12137

Mitre link : CVE-2024-12137

CVE.ORG link : CVE-2024-12137

JSON object : View

Products Affected

No product.

CWE

CWE-294

Authentication Bypass by Capture-replay

7.6 /10