Search
Find a vulnerability
Search criteria
24 vulnerabilities by Century Systems Co., Ltd.
JVNDB-2025-017972
Vulnerability from jvndb - Published: 2025-11-04 16:37 - Updated:2025-11-04 16:37
Severity
Summary
Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series
Details
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.
- OS command Injection (CWE-78) - CVE-2025-54763
- Files or directories acessible to external parties (CWE-552) - CVE-2025-58152
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-017972.html",
"dc:date": "2025-11-04T16:37+09:00",
"dcterms:issued": "2025-11-04T16:37+09:00",
"dcterms:modified": "2025-11-04T16:37+09:00",
"description": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eOS command Injection (CWE-78) - CVE-2025-54763\u003c/li\u003e\r\n\u003cli\u003eFiles or directories acessible to external parties (CWE-552) - CVE-2025-58152\u003c/li\u003e\u003c/ul\u003e\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-017972.html",
"sec:cpe": [
{
"#text": "cpe:/o:centurysys:futurenet_ip-k",
"@product": "FutureNet IP-K series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_ma-e300",
"@product": "FutureNet MA-E300 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_ma-p",
"@product": "FutureNet MA-P series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_ma-s",
"@product": "FutureNet MA-S series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_ma-x",
"@product": "FutureNet MA-X series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-017972",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98191201/",
"@id": "JVNVU#98191201",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54763",
"@id": "CVE-2025-54763",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58152",
"@id": "CVE-2025-58152",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/552.html",
"@id": "CWE-552",
"@title": "Files or Directories Accessible to External Parties(CWE-552)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series"
}
JVNDB-2025-002714
Vulnerability from jvndb - Published: 2025-03-31 16:59 - Updated:2025-04-03 15:19
Severity
Summary
Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers
Details
FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61).
Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002714.html",
"dc:date": "2025-04-03T15:19+09:00",
"dcterms:issued": "2025-03-31T16:59+09:00",
"dcterms:modified": "2025-04-03T15:19+09:00",
"description": "FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61).\r\n\r\nCentury Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002714.html",
"sec:cpe": [
{
"#text": "cpe:/o:centurysys:futurenet_nxr",
"@product": "FutureNet NXR series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_vxr",
"@product": "FutureNet VXR series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_wxr",
"@product": "FutureNet WXR series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-002714",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92821536/index.html",
"@id": "JVNVU#92821536",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-30485",
"@id": "CVE-2025-30485",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/61.html",
"@id": "CWE-61",
"@title": "UNIX Symbolic Link (Symlink) Following(CWE-61)"
}
],
"title": "Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers"
}
JVNDB-2025-001898
Vulnerability from jvndb - Published: 2025-03-04 14:56 - Updated:2025-03-04 14:56
Severity
Summary
Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)
Details
FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.
* Authentication Bypass (CWE-288) - CVE-2025-24846
* Buffer Overflow (CWE-120) - CVE-2025-25280
Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001898.html",
"dc:date": "2025-03-04T14:56+09:00",
"dcterms:issued": "2025-03-04T14:56+09:00",
"dcterms:modified": "2025-03-04T14:56+09:00",
"description": "FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n * Authentication Bypass (CWE-288) - CVE-2025-24846\r\n * Buffer Overflow (CWE-120) - CVE-2025-25280\r\n\r\nChuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001898.html",
"sec:cpe": [
{
"#text": "cpe:/o:centurysys:futurenet_as-210/u4_firmware",
"@product": "FutureNet AS-210/U4 firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/f-ko_firmware",
"@product": "FutureNet AS-250/F-KO firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/f-sc_firmware",
"@product": "FutureNet AS-250/F-SC firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/kl_firmware",
"@product": "FutureNet AS-250/KL firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/kl_rev2_firmware",
"@product": "FutureNet AS-250/KL Rev2 firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/l_firmware",
"@product": "FutureNet AS-250/L firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/nl_firmware",
"@product": "FutureNet AS-250/NL firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-250/s_firmware",
"@product": "FutureNet AS-250/S firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-m250/kl_firmware",
"@product": "FutureNet AS-M250/KL firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-m250/l_firmware",
"@product": "FutureNet AS-M250/L firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-m250/nl_firmware",
"@product": "FutureNet AS-M250/NL firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-p250/kl_firmware",
"@product": "FutureNet AS-P250/KL firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_as-p250/nl_firmware",
"@product": "FutureNet AS-P250/NL firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_fa-210_firmware",
"@product": "FutureNet FA-210 firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_fa-215_firmware",
"@product": "FutureNet FA-215 firmware",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-001898",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96398949/index.html",
"@id": "JVNVU#96398949",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24846",
"@id": "CVE-2025-24846",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25280",
"@id": "CVE-2025-25280",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/120.html",
"@id": "CWE-120",
"@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/288.html",
"@id": "CWE-288",
"@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
}
],
"title": "Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)"
}
JVNDB-2024-011744
Vulnerability from jvndb - Published: 2024-11-01 13:49 - Updated:2024-11-01 13:49
Severity
Summary
REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers
Details
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration.
But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled (CWE-684).
The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled.
The username and the password for REST-APIs are configured in the factory default configuration.
Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-011744.html",
"dc:date": "2024-11-01T13:49+09:00",
"dcterms:issued": "2024-11-01T13:49+09:00",
"dcterms:modified": "2024-11-01T13:49+09:00",
"description": "FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration.\r\nBut, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled (CWE-684).\r\nThe factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled.\r\nThe username and the password for REST-APIs are configured in the factory default configuration.\r\n\r\nCentury Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-011744.html",
"sec:cpe": [
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g050",
"@product": "FutureNet NXR-G050 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g060",
"@product": "FutureNet NXR-G060 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g110",
"@product": "FutureNet NXR-G110 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-011744",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95001899/index.html",
"@id": "JVNVU#95001899",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-50357",
"@id": "CVE-2024-50357",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/684.html",
"@id": "CWE-684",
"@title": "Incorrect Provision of Specified Functionality(CWE-684)"
}
],
"title": "REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers"
}
JVNDB-2024-004595
Vulnerability from jvndb - Published: 2024-07-29 17:51 - Updated:2025-06-30 09:56
Severity
Summary
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
Details
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.
* Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070
* Active Debug Code (CWE-489) - CVE-2024-36475
* OS Command Injection (CWE-78) - CVE-2024-36491
* Buffer Overflow (CWE-120) - CVE-2020-10188
The product uses previous versions of netkit-telnet which contains a known vulnerability.
CVE-2024-31070, CVE-2024-36475
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2024-36491, CVE-2020-10188
Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
"dc:date": "2025-06-30T09:56+09:00",
"dcterms:issued": "2024-07-29T17:51+09:00",
"dcterms:modified": "2025-06-30T09:56+09:00",
"description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n * Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070\r\n * Active Debug Code (CWE-489) - CVE-2024-36475\r\n * OS Command Injection (CWE-78) - CVE-2024-36491\r\n * Buffer Overflow (CWE-120) - CVE-2020-10188\r\n The product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
"sec:cpe": [
{
"#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
"@product": "FutureNet NXR-120/C",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-1200",
"@product": "FutureNet NXR-1200",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
"@product": "FutureNet NXR-125/CX",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
"@product": "FutureNet NXR-130/C",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-1300",
"@product": "FutureNet NXR-1300 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
"@product": "FutureNet NXR-155/C series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
"@product": "FutureNet NXR-160/LW",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
"@product": "FutureNet NXR-230/C",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
"@product": "FutureNet NXR-350/C",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-530",
"@product": "FutureNet NXR-530",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-610x",
"@product": "FutureNet NXR-610X series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-650",
"@product": "FutureNet NXR-650",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g050",
"@product": "FutureNet NXR-G050 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g060",
"@product": "FutureNet NXR-G060 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g100",
"@product": "FutureNet NXR-G100 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g110",
"@product": "FutureNet NXR-G110 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g120",
"@product": "FutureNet NXR-G120 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
"@product": "FutureNet NXR-G180/L-CA",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_nxr-g200",
"@product": "FutureNet NXR-G200 series",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_vxr/x64",
"@product": "FutureNet VXR/x64",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_vxr/x86",
"@product": "FutureNet VXR/x86",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:centurysys:futurenet_wxr-250",
"@product": "FutureNet WXR-250",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-004595",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
"@id": "JVNVU#96424864",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
"@id": "CVE-2024-31070",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
"@id": "CVE-2024-36475",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
"@id": "CVE-2024-36491",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
"@id": "CVE-2020-10188",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1188.html",
"@id": "CWE-1188",
"@title": "Insecure Default Initialization of Resource(CWE-1188)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/120.html",
"@id": "CWE-120",
"@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/489.html",
"@id": "CWE-489",
"@title": "Active Debug Code(CWE-489)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series"
}
JVNDB-2008-000042
Vulnerability from jvndb - Published: 2008-07-24 14:23 - Updated:2008-07-24 14:23Summary
Multiple Century Systems routers vulnerable to cross-site request forgery
Details
The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery.
Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000042.html",
"dc:date": "2008-07-24T14:23+09:00",
"dcterms:issued": "2008-07-24T14:23+09:00",
"dcterms:modified": "2008-07-24T14:23+09:00",
"description": "The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery.\r\n\r\nMultiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery.\r\n\r\nHirotaka Katagiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000042.html",
"sec:cpe": [
{
"#text": "cpe:/h:centurysys:xr-1100",
"@product": "XR-1100",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-410",
"@product": "XR-410",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-410-l2",
"@product": "XR-410-L2",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-440",
"@product": "XR-440",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-510",
"@product": "XR-510",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-540",
"@product": "XR-540",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-640",
"@product": "XR-640",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-640-l2",
"@product": "XR-640-L2",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/h:centurysys:xr-730",
"@product": "XR-730",
"@vendor": "Century Systems Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000042",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67573833/index.html",
"@id": "JVN#67573833",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6449",
"@id": "CVE-2008-6449",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6449",
"@id": "CVE-2008-6449",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000042.html",
"@id": "JVNDB-2008-000042",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Century Systems routers vulnerable to cross-site request forgery"
}
CVE-2025-58152 (GCVE-0-2025-58152)
Vulnerability from nvd – Published: 2025-10-31 05:55 – Updated: 2025-10-31 17:07
VLAI
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series |
Affected:
from 6.0.0 to 6.4.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-E300 series |
Affected:
from 5.0.0 to 6.2.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-S series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet MA-P series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet IP-K series |
Affected:
from 2.0.0 to 2.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:07:21.751490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:07:56.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet MA-X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 6.0.0 to 6.4.1"
}
]
},
{
"product": "FutureNet MA-E300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.2.1"
}
]
},
{
"product": "FutureNet MA-S series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet MA-P series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet IP-K series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 2.0.0 to 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or directories accessible to external parties",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T05:55:02.996Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58152",
"datePublished": "2025-10-31T05:55:02.996Z",
"dateReserved": "2025-10-17T08:08:12.702Z",
"dateUpdated": "2025-10-31T17:07:56.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54763 (GCVE-0-2025-54763)
Vulnerability from nvd – Published: 2025-10-31 05:55 – Updated: 2025-10-31 17:15
VLAI
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series |
Affected:
from 6.0.0 to 6.4.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-E300 series |
Affected:
from 5.0.0 to 6.2.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-S series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet MA-P series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet IP-K series |
Affected:
from 2.0.0 to 2.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:09:21.191509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:15:10.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet MA-X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 6.0.0 to 6.4.1"
}
]
},
{
"product": "FutureNet MA-E300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.2.1"
}
]
},
{
"product": "FutureNet MA-S series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet MA-P series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet IP-K series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 2.0.0 to 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T05:55:24.573Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54763",
"datePublished": "2025-10-31T05:55:24.573Z",
"dateReserved": "2025-10-17T08:08:15.679Z",
"dateUpdated": "2025-10-31T17:15:10.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30485 (GCVE-0-2025-30485)
Vulnerability from nvd – Published: 2025-04-03 06:18 – Updated: 2025-04-03 13:41
VLAI
Summary
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-61 - UNIX symbolic link (Symlink) following
Assigner
References
2 references
Impacted products
32 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1420 |
Affected:
firmware version 31.0.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11D and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G540 series |
Affected:
firmware version 21.17.0
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G260 series |
Affected:
firmware version 9.12.17 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G240 series |
Affected:
firmware version 9.12.17 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.33 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2C1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.15.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.6C2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR-x64 |
Affected:
firmware version 21.7.33 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR-x86 |
Affected:
firmware version 10.1.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C-L |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C-XW |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C-WM |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/SLW |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/SL |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/S |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/N |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/F |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T13:39:37.971930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T13:41:26.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1420",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 31.0.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11D and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9C and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-G540 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.17.0"
}
]
},
{
"product": "FutureNet NXR-G260 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.17 and earlier"
}
]
},
{
"product": "FutureNet NXR-G240 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.17 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.33 and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2C1 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.6C2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.11 and earlier"
}
]
},
{
"product": "FutureNet VXR-x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.33 and earlier"
}
]
},
{
"product": "FutureNet VXR-x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-155/C-L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-155/C-XW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-155/C-WM",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/SLW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/SL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/N",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/F",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "UNIX symbolic link (Symlink) following",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T06:18:36.311Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92821536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-30485",
"datePublished": "2025-04-03T06:18:36.311Z",
"dateReserved": "2025-03-24T00:55:23.294Z",
"dateUpdated": "2025-04-03T13:41:26.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25280 (GCVE-0-2025-25280)
Vulnerability from nvd – Published: 2025-03-03 08:25 – Updated: 2025-03-03 14:53
VLAI
Summary
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet AS-250/S |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-SC |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-KO |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/NL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL Rev2 |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/L |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/L |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/KL |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/NL |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/NL |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/KL |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-210/U4 |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet FA-210 |
Affected:
firmware Version 1.1.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet FA-215 |
Affected:
firmware Version 1.0.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:52:46.483841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:53:08.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet AS-250/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-SC",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-KO",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL Rev2",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-210/U4",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet FA-210",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.1.9 and earlier"
}
]
},
{
"product": "FutureNet FA-215",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:25:16.938Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96398949/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25280",
"datePublished": "2025-03-03T08:25:16.938Z",
"dateReserved": "2025-02-17T04:46:45.646Z",
"dateUpdated": "2025-03-03T14:53:08.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24846 (GCVE-0-2025-24846)
Vulnerability from nvd – Published: 2025-03-03 08:23 – Updated: 2025-03-03 13:17
VLAI
Summary
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
2 references
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet AS-250/S |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-SC |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-KO |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/NL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL Rev2 |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/L |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/L |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/KL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/NL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/NL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/KL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-210/U4 |
Affected:
firmware Version 2.6.4 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T13:15:19.774363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T13:17:41.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet AS-250/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-SC",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-KO",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL Rev2",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-210/U4",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:23:52.407Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96398949/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24846",
"datePublished": "2025-03-03T08:23:52.407Z",
"dateReserved": "2025-02-17T04:46:48.959Z",
"dateUpdated": "2025-03-03T13:17:41.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50357 (GCVE-0-2024-50357)
Vulnerability from nvd – Published: 2024-11-29 09:06 – Updated: 2024-12-02 18:15
VLAI
Summary
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-684 - Incorrect provision of specified functionality
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware versions 21.15.7 and later but prior to 21.15.9
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware versions prior to 21.15.6C1
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware versions 21.12.5 and later but prior to 21.12.11
|
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
21.15.7 , < 21.15.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , < 21.15.6C1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
21.12.5 , < 21.12.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThan": "21.15.9",
"status": "affected",
"version": "21.15.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThan": "21.15.6C1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThan": "21.12.11",
"status": "affected",
"version": "21.12.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T13:27:09.092320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T18:15:27.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions 21.15.7 and later but prior to 21.15.9"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 21.15.6C1"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions 21.12.5 and later but prior to 21.12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product\u0027s settings via REST-APIs."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "Incorrect provision of specified functionality",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T09:06:56.251Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20241031-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95001899/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-50357",
"datePublished": "2024-11-29T09:06:56.251Z",
"dateReserved": "2024-10-23T04:47:33.910Z",
"dateUpdated": "2024-12-02T18:15:27.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36491 (GCVE-0-2024-36491)
Vulnerability from nvd – Published: 2024-07-17 08:50 – Updated: 2025-04-08 20:43
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:34:01.135233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:43:36.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T04:45:52.077Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36491",
"datePublished": "2024-07-17T08:50:11.777Z",
"dateReserved": "2024-06-06T06:08:01.273Z",
"dateUpdated": "2025-04-08T20:43:36.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36475 (GCVE-0-2024-36475)
Vulnerability from nvd – Published: 2024-07-17 08:48 – Updated: 2024-08-02 03:37
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Active debug code
- CWE-489 - Active Debug Code
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:32:43.680364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:40:17.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Active debug code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:48:33.524Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36475",
"datePublished": "2024-07-17T08:48:33.524Z",
"dateReserved": "2024-06-06T06:08:00.324Z",
"dateUpdated": "2024-08-02T03:37:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31070 (GCVE-0-2024-31070)
Vulnerability from nvd – Published: 2024-07-17 08:47 – Updated: 2024-08-02 01:46
VLAI
Summary
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Initialization of a Resource with an Insecure Default
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:17:01.773769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T14:09:58.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:47:22.506Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31070",
"datePublished": "2024-07-17T08:47:22.506Z",
"dateReserved": "2024-06-06T06:07:59.482Z",
"dateUpdated": "2024-08-02T01:46:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54763 (GCVE-0-2025-54763)
Vulnerability from cvelistv5 – Published: 2025-10-31 05:55 – Updated: 2025-10-31 17:15
VLAI
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series |
Affected:
from 6.0.0 to 6.4.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-E300 series |
Affected:
from 5.0.0 to 6.2.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-S series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet MA-P series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet IP-K series |
Affected:
from 2.0.0 to 2.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:09:21.191509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:15:10.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet MA-X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 6.0.0 to 6.4.1"
}
]
},
{
"product": "FutureNet MA-E300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.2.1"
}
]
},
{
"product": "FutureNet MA-S series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet MA-P series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet IP-K series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 2.0.0 to 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T05:55:24.573Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54763",
"datePublished": "2025-10-31T05:55:24.573Z",
"dateReserved": "2025-10-17T08:08:15.679Z",
"dateUpdated": "2025-10-31T17:15:10.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58152 (GCVE-0-2025-58152)
Vulnerability from cvelistv5 – Published: 2025-10-31 05:55 – Updated: 2025-10-31 17:07
VLAI
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series |
Affected:
from 6.0.0 to 6.4.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-E300 series |
Affected:
from 5.0.0 to 6.2.1
|
|
| Century Systems Co., Ltd. | FutureNet MA-S series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet MA-P series |
Affected:
from 5.0.0 to 6.4.0
|
|
| Century Systems Co., Ltd. | FutureNet IP-K series |
Affected:
from 2.0.0 to 2.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:07:21.751490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:07:56.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet MA-X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 6.0.0 to 6.4.1"
}
]
},
{
"product": "FutureNet MA-E300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.2.1"
}
]
},
{
"product": "FutureNet MA-S series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet MA-P series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet IP-K series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 2.0.0 to 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or directories accessible to external parties",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T05:55:02.996Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58152",
"datePublished": "2025-10-31T05:55:02.996Z",
"dateReserved": "2025-10-17T08:08:12.702Z",
"dateUpdated": "2025-10-31T17:07:56.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30485 (GCVE-0-2025-30485)
Vulnerability from cvelistv5 – Published: 2025-04-03 06:18 – Updated: 2025-04-03 13:41
VLAI
Summary
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-61 - UNIX symbolic link (Symlink) following
Assigner
References
2 references
Impacted products
32 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1420 |
Affected:
firmware version 31.0.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11D and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G540 series |
Affected:
firmware version 21.17.0
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G260 series |
Affected:
firmware version 9.12.17 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G240 series |
Affected:
firmware version 9.12.17 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.33 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2C1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.15.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.6C2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR-x64 |
Affected:
firmware version 21.7.33 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR-x86 |
Affected:
firmware version 10.1.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C-L |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C-XW |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C-WM |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/SLW |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/SL |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/S |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/N |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100/F |
Affected:
N/A
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T13:39:37.971930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T13:41:26.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1420",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 31.0.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11D and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9C and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-G540 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.17.0"
}
]
},
{
"product": "FutureNet NXR-G260 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.17 and earlier"
}
]
},
{
"product": "FutureNet NXR-G240 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.17 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.33 and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2C1 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.6C2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.11 and earlier"
}
]
},
{
"product": "FutureNet VXR-x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.33 and earlier"
}
]
},
{
"product": "FutureNet VXR-x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-155/C-L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-155/C-XW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-155/C-WM",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/SLW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/SL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/N",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet NXR-G100/F",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "UNIX symbolic link (Symlink) following",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T06:18:36.311Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92821536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-30485",
"datePublished": "2025-04-03T06:18:36.311Z",
"dateReserved": "2025-03-24T00:55:23.294Z",
"dateUpdated": "2025-04-03T13:41:26.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25280 (GCVE-0-2025-25280)
Vulnerability from cvelistv5 – Published: 2025-03-03 08:25 – Updated: 2025-03-03 14:53
VLAI
Summary
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet AS-250/S |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-SC |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-KO |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/NL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL Rev2 |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/L |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/L |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/KL |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/NL |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/NL |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/KL |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-210/U4 |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet FA-210 |
Affected:
firmware Version 1.1.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet FA-215 |
Affected:
firmware Version 1.0.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:52:46.483841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:53:08.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet AS-250/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-SC",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-KO",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL Rev2",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-210/U4",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet FA-210",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.1.9 and earlier"
}
]
},
{
"product": "FutureNet FA-215",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:25:16.938Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96398949/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25280",
"datePublished": "2025-03-03T08:25:16.938Z",
"dateReserved": "2025-02-17T04:46:45.646Z",
"dateUpdated": "2025-03-03T14:53:08.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24846 (GCVE-0-2025-24846)
Vulnerability from cvelistv5 – Published: 2025-03-03 08:23 – Updated: 2025-03-03 13:17
VLAI
Summary
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
2 references
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet AS-250/S |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-SC |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-KO |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/NL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL Rev2 |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/L |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/L |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/KL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/NL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/NL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/KL |
Affected:
firmware Version 2.6.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-210/U4 |
Affected:
firmware Version 2.6.4 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T13:15:19.774363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T13:17:41.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet AS-250/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-SC",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-KO",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL Rev2",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
},
{
"product": "FutureNet AS-210/U4",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:23:52.407Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96398949/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24846",
"datePublished": "2025-03-03T08:23:52.407Z",
"dateReserved": "2025-02-17T04:46:48.959Z",
"dateUpdated": "2025-03-03T13:17:41.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50357 (GCVE-0-2024-50357)
Vulnerability from cvelistv5 – Published: 2024-11-29 09:06 – Updated: 2024-12-02 18:15
VLAI
Summary
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-684 - Incorrect provision of specified functionality
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware versions 21.15.7 and later but prior to 21.15.9
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware versions prior to 21.15.6C1
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware versions 21.12.5 and later but prior to 21.12.11
|
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
21.15.7 , < 21.15.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , < 21.15.6C1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
21.12.5 , < 21.12.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThan": "21.15.9",
"status": "affected",
"version": "21.15.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThan": "21.15.6C1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThan": "21.12.11",
"status": "affected",
"version": "21.12.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T13:27:09.092320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T18:15:27.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions 21.15.7 and later but prior to 21.15.9"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to 21.15.6C1"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware versions 21.12.5 and later but prior to 21.12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product\u0027s settings via REST-APIs."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "Incorrect provision of specified functionality",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T09:06:56.251Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20241031-01.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95001899/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-50357",
"datePublished": "2024-11-29T09:06:56.251Z",
"dateReserved": "2024-10-23T04:47:33.910Z",
"dateUpdated": "2024-12-02T18:15:27.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36491 (GCVE-0-2024-36491)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:50 – Updated: 2025-04-08 20:43
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:34:01.135233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:43:36.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T04:45:52.077Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36491",
"datePublished": "2024-07-17T08:50:11.777Z",
"dateReserved": "2024-06-06T06:08:01.273Z",
"dateUpdated": "2025-04-08T20:43:36.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36475 (GCVE-0-2024-36475)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:48 – Updated: 2024-08-02 03:37
VLAI
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Active debug code
- CWE-489 - Active Debug Code
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:32:43.680364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:40:17.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Active debug code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:48:33.524Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36475",
"datePublished": "2024-07-17T08:48:33.524Z",
"dateReserved": "2024-06-06T06:08:00.324Z",
"dateUpdated": "2024-08-02T03:37:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31070 (GCVE-0-2024-31070)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:47 – Updated: 2024-08-02 01:46
VLAI
Summary
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Initialization of a Resource with an Insecure Default
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
44 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-650 |
Affected:
firmware version 21.16.1 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-610X series |
Affected:
firmware version 21.14.11 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-530 |
Affected:
firmware version 21.11.13 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-350/C |
Affected:
firmware version 5.30.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-230/C |
Affected:
firmware version 5.30.12 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-160/LW |
Affected:
firmware version 21.8.3 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G200 series |
Affected:
firmware version 9.12.15 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA |
Affected:
firmware version 21.7.28B and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G120 series |
Affected:
firmware version 21.15.2 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G110 series |
Affected:
firmware version 21.7.30C and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G100 series |
Affected:
firmware version 6.23.10 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G060 series |
Affected:
firmware version 21.15.5 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-G050 series |
Affected:
firmware version 21.12.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x64 |
Affected:
firmware version 21.7.31 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet VXR/x86 |
Affected:
firmware version 10.1.4 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-1200 |
Affected:
firmware version 5.25.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-130/C |
Affected:
firmware version 5.13.21 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-155/C series |
Affected:
firmware version 5.22.5M and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-125/CX |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet NXR-120/C |
Affected:
firmware version 5.25.7H and earlier
|
|
| Century Systems Co., Ltd. | FutureNet WXR-250 |
Affected:
firmware version 1.4.7 and earlier
|
|
| centurysys | futurenet_nxr-1300_firmware |
Affected:
0 , ≤ 7.4.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-650_firmware |
Affected:
0 , ≤ 21.16.1
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-610x_firmware |
Affected:
0 , ≤ 21.14.11
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-530_firmware |
Affected:
0 , ≤ 21.11.13
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-350\/c_firmware |
Affected:
0 , ≤ 5.30.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-230\/c_firmware |
Affected:
0 , ≤ 5.30.12
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-160\/lw_firmware |
Affected:
0 , ≤ 21.8.3
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g200_firmware |
Affected:
0 , ≤ 9.12.15
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g180\/l-ca_firmware |
Affected:
0 , ≤ 21.7.28B
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g120_firmware |
Affected:
0 , ≤ 21.15.2
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g110_firmware |
Affected:
0 , ≤ 21.7.30C
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g100_firmware |
Affected:
0 , ≤ 6.23.10
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g060_firmware |
Affected:
0 , ≤ 21.15.5
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-g050_firmware |
Affected:
0 , ≤ 21.12.9
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x64_firmware |
Affected:
0 , ≤ 21.7.31
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_vxr\/x86_firmware |
Affected:
0 , ≤ 10.1.4
(custom)
cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-1200_firmware |
Affected:
0 , ≤ 5.25.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-130\/c_firmware |
Affected:
0 , ≤ 5.13.21
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-155\/c_firmware |
Affected:
0 , ≤ 5.22.5M
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-125\/cx_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_nxr-120\/c_firmware |
Affected:
0 , ≤ 5.25.7H
(custom)
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:* |
|
| centurysys | futurenet_wxr-250_firmware |
Affected:
0 , ≤ 1.4.7
(custom)
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:17:01.773769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T14:09:58.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:47:22.506Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31070",
"datePublished": "2024-07-17T08:47:22.506Z",
"dateReserved": "2024-06-06T06:07:59.482Z",
"dateUpdated": "2024-08-02T01:46:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}