Search

Find a vulnerability

Search criteria

    1 vulnerability found for FutureNet WXR series by Century Systems Co., Ltd.

    JVNDB-2025-002714

    Vulnerability from jvndb - Published: 2025-03-31 16:59 - Updated:2025-04-03 15:19
    Severity
    Summary
    Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers
    Details
    FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61). Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002714.html",
      "dc:date": "2025-04-03T15:19+09:00",
      "dcterms:issued": "2025-03-31T16:59+09:00",
      "dcterms:modified": "2025-04-03T15:19+09:00",
      "description": "FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61).\r\n\r\nCentury Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002714.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:centurysys:futurenet_nxr",
          "@product": "FutureNet NXR series",
          "@vendor": "Century Systems Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:centurysys:futurenet_vxr",
          "@product": "FutureNet VXR series",
          "@vendor": "Century Systems Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:centurysys:futurenet_wxr",
          "@product": "FutureNet WXR series",
          "@vendor": "Century Systems Co., Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.2",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-002714",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU92821536/index.html",
          "@id": "JVNVU#92821536",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-30485",
          "@id": "CVE-2025-30485",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/61.html",
          "@id": "CWE-61",
          "@title": "UNIX Symbolic Link (Symlink) Following(CWE-61)"
        }
      ],
      "title": "Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers"
    }