Search
Find a vulnerability
Search criteria
6 vulnerabilities found for futurenet_nxr-1200_firmware by centurysys
CVE-2024-36491 (GCVE-0-2024-36491)
Vulnerability from nvd – Published: 2024-07-17 08:50 – Updated: 2025-04-08 20:43
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:34:01.135233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:43:36.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T04:45:52.077Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36491",
"datePublished": "2024-07-17T08:50:11.777Z",
"dateReserved": "2024-06-06T06:08:01.273Z",
"dateUpdated": "2025-04-08T20:43:36.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36475 (GCVE-0-2024-36475)
Vulnerability from nvd – Published: 2024-07-17 08:48 – Updated: 2024-08-02 03:37
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Active debug code
- CWE-489 - Active Debug Code
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:32:43.680364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:40:17.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Active debug code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:48:33.524Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36475",
"datePublished": "2024-07-17T08:48:33.524Z",
"dateReserved": "2024-06-06T06:08:00.324Z",
"dateUpdated": "2024-08-02T03:37:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31070 (GCVE-0-2024-31070)
Vulnerability from nvd – Published: 2024-07-17 08:47 – Updated: 2024-08-02 01:46
VLAI
Summary
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Initialization of a Resource with an Insecure Default
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:17:01.773769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T14:09:58.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:47:22.506Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31070",
"datePublished": "2024-07-17T08:47:22.506Z",
"dateReserved": "2024-06-06T06:07:59.482Z",
"dateUpdated": "2024-08-02T01:46:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36491 (GCVE-0-2024-36491)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:50 – Updated: 2025-04-08 20:43
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:34:01.135233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:43:36.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T04:45:52.077Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36491",
"datePublished": "2024-07-17T08:50:11.777Z",
"dateReserved": "2024-06-06T06:08:01.273Z",
"dateUpdated": "2025-04-08T20:43:36.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36475 (GCVE-0-2024-36475)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:48 – Updated: 2024-08-02 03:37
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Active debug code
- CWE-489 - Active Debug Code
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:32:43.680364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:40:17.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Active debug code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:48:33.524Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36475",
"datePublished": "2024-07-17T08:48:33.524Z",
"dateReserved": "2024-06-06T06:08:00.324Z",
"dateUpdated": "2024-08-02T03:37:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31070 (GCVE-0-2024-31070)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:47 – Updated: 2024-08-02 01:46
VLAI
Summary
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Initialization of a Resource with an Insecure Default
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:17:01.773769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T14:09:58.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:47:22.506Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31070",
"datePublished": "2024-07-17T08:47:22.506Z",
"dateReserved": "2024-06-06T06:07:59.482Z",
"dateUpdated": "2024-08-02T01:46:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}