It means only 2048 / 256 = 8 words among the 2048 possible are valid for a 24-word mnemonic seed instead of 2048 / 2^4 = 128 for a 12-word one.
Correct. Although perhaps an easier way of thinking about it is that given there is only ever one checksum which will fit the given entropy, and for a 24 word seed the last word contains 3 bits of entropy (11 bits of data minus 8 bits of checksum), then since 2^3 = 8, there are 8 possible words. For a 12 word seed the last word contains 7 bits of entropy (11 bits of data minus 4 bits of checksum), and 2^7 = 128 possible words.
I don't know the statistics but a non-empty address hardly contains more than 5% of total wallet funds on average IMO.
But now you are assuming additional knowledge, such as that an attacker knows which addresses are derived from the same seed phrase, that there is no passphrase in use, and what the derivation path being used is. Don't forget as well that as I said above, turning a valid seed phrase into an address to check for funds is computationally expensive, and so brute forcing x number of seed phrases takes significantly more computing power and time than brute forcing the same number of individual private keys, even more so if for each seed phrase you want to start checking additional derivation paths.
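The last-word arithmetic discussed above, as an added example that is not part of the original posts: it follows the BIP39 layout (entropy followed by the leading bits of its SHA-256 hash, split into 11-bit word indices) and enumerates every last-word index that yields a valid checksum. It works on wordlist indices (0 to 2047) rather than words so it needs no wordlist file; the function name `valid_last_word_indices` and the all-zero prefixes are constructed for illustration.

```python
import hashlib

def valid_last_word_indices(prefix_indices):
    """Return every 11-bit last-word index that completes a valid mnemonic.

    prefix_indices: wordlist indices (0..2047) of all words except the last.
    """
    n_words = len(prefix_indices) + 1
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < 2048 for i in prefix_indices):
        raise ValueError("word indices must be in 0..2047")

    total_bits = n_words * 11
    cs_bits = total_bits // 33        # checksum length = ENT / 32
    ent_bits = total_bits - cs_bits   # 128 bits for 12 words, 256 for 24
    free_bits = 11 - cs_bits          # entropy bits carried by the last word

    # Pack the known words into one integer: the leading entropy bits.
    prefix = 0
    for i in prefix_indices:
        prefix = (prefix << 11) | i

    candidates = []
    for tail in range(1 << free_bits):
        entropy = (prefix << free_bits) | tail
        digest = hashlib.sha256(entropy.to_bytes(ent_bits // 8, "big")).digest()
        checksum = digest[0] >> (8 - cs_bits)   # leading cs_bits bits of the hash
        # Last word = remaining entropy bits followed by the checksum bits.
        candidates.append((tail << cs_bits) | checksum)
    return candidates

if __name__ == "__main__":
    # Constructed inputs: every known word is index 0 of the wordlist.
    for known in (11, 23):
        found = valid_last_word_indices([0] * known)
        print(f"{known + 1} words: {len(found)} valid last words -> {found[:8]}")
```

Each candidate pairs one free entropy value with the single checksum that fits it, which is why the count is 2^3 = 8 for 24 words and 2^7 = 128 for 12 words.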