Vulnerabilities > CVE-2024-12136 - Missing Critical Step in Authentication vulnerability in Elfatek Anka Jpd00028 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

elfatek

CWE-304

NVD

Published: 2025-03-19

Updated: 2025-05-12

Summary

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.

Vulnerable Configurations

Part	Description	Count
OS	Elfatek Elfatek Anka Jpd00028 Firmware -	1
Hardware	Elfatek Elfatek Anka Jpd00028 -	1

Common Weakness Enumeration (CWE)

CWE-304 - Missing Critical Step in Authentication

References

https://www.usom.gov.tr/bildirim/tr-25-0071