CVE-2024-36475 - Vulnerability Details

Description

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

Published: 2024-07-17

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Century Systems Co., Ltd.

FutureNet NXR-1300 series

affected

Version	Status	Constraints
`firmware version 7.4.9 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-650

affected

Version	Status	Constraints
`firmware version 21.16.1 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-610X series

affected

Version	Status	Constraints
`firmware version 21.14.11 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-530

affected

Version	Status	Constraints
`firmware version 21.11.13 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-350/C

affected

Version	Status	Constraints
`firmware version 5.30.9 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-230/C

affected

Version	Status	Constraints
`firmware version 5.30.12 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-160/LW

affected

Version	Status	Constraints
`firmware version 21.8.3 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G200 series

affected

Version	Status	Constraints
`firmware version 9.12.15 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G180/L-CA

affected

Version	Status	Constraints
`firmware version 21.7.28B and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G120 series

affected

Version	Status	Constraints
`firmware version 21.15.2 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G110 series

affected

Version	Status	Constraints
`firmware version 21.7.30C and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G100 series

affected

Version	Status	Constraints
`firmware version 6.23.10 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G060 series

affected

Version	Status	Constraints
`firmware version 21.15.5 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-G050 series

affected

Version	Status	Constraints
`firmware version 21.12.9 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet VXR/x64

affected

Version	Status	Constraints
`firmware version 21.7.31 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet VXR/x86

affected

Version	Status	Constraints
`firmware version 10.1.4 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-1200

affected

Version	Status	Constraints
`firmware version 5.25.21 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-130/C

affected

Version	Status	Constraints
`firmware version 5.13.21 and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-155/C series

affected

Version	Status	Constraints
`firmware version 5.22.5M and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-125/CX

affected

Version	Status	Constraints
`firmware version 5.25.7H and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet NXR-120/C

affected

Version	Status	Constraints
`firmware version 5.25.7H and earlier`	affected	—

Century Systems Co., Ltd.

FutureNet WXR-250

affected

Version	Status	Constraints
`firmware version 1.4.7 and earlier`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_vxr-x64::::::::
	cpe:2.3:o:centurysys:futurenet_vxr-x86::::::::

Configuration 2 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00507.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://jvn.jp/en/vu/JVNVU96424864/
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

History

Fri, 27 Sep 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Centurysys futurenet Nxr-1200 Centurysys futurenet Nxr-120\/c Centurysys futurenet Nxr-125\/cx Centurysys futurenet Nxr-130\/c Centurysys futurenet Nxr-160\/lw Centurysys futurenet Nxr-230\/c Centurysys futurenet Nxr-350\/c Centurysys futurenet Nxr-530 Centurysys futurenet Nxr-650 Centurysys futurenet Nxr-g180\/l-ca Centurysys futurenet Vxr-x64 Centurysys futurenet Vxr-x86 Centurysys futurenet Wxr-250
Weaknesses		CWE-78
CPEs		cpe:2.3:h:centurysys:futurenet_nxr-1200:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-530:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-650:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:::::::* cpe:2.3:h:centurysys:futurenet_wxr-250:-:::::::* cpe:2.3:o:centurysys:futurenet_vxr-x64:::::::: cpe:2.3:o:centurysys:futurenet_vxr-x86::::::::
Vendors & Products		Centurysys futurenet Nxr-1200 Centurysys futurenet Nxr-120\/c Centurysys futurenet Nxr-125\/cx Centurysys futurenet Nxr-130\/c Centurysys futurenet Nxr-160\/lw Centurysys futurenet Nxr-230\/c Centurysys futurenet Nxr-350\/c Centurysys futurenet Nxr-530 Centurysys futurenet Nxr-650 Centurysys futurenet Nxr-g180\/l-ca Centurysys futurenet Vxr-x64 Centurysys futurenet Vxr-x86 Centurysys futurenet Wxr-250

Subscriptions

Centurysys Futurenet Nxr-1200 Futurenet Nxr-1200 Firmware Futurenet Nxr-120\/c Futurenet Nxr-120\/c Firmware Futurenet Nxr-125\/cx Futurenet Nxr-125\/cx Firmware Futurenet Nxr-1300 Firmware Futurenet Nxr-130\/c Futurenet Nxr-130\/c Firmware Futurenet Nxr-155\/c Firmware Futurenet Nxr-160\/lw Futurenet Nxr-160\/lw Firmware Futurenet Nxr-230\/c Futurenet Nxr-230\/c Firmware Futurenet Nxr-350\/c Futurenet Nxr-350\/c Firmware Futurenet Nxr-530 Futurenet Nxr-530 Firmware Futurenet Nxr-610x Firmware Futurenet Nxr-650 Futurenet Nxr-650 Firmware Futurenet Nxr-g050 Firmware Futurenet Nxr-g060 Firmware Futurenet Nxr-g100 Firmware Futurenet Nxr-g110 Firmware Futurenet Nxr-g120 Firmware Futurenet Nxr-g180\/l-ca Futurenet Nxr-g180\/l-ca Firmware Futurenet Nxr-g200 Firmware Futurenet Vxr-x64 Futurenet Vxr-x86 Futurenet Vxr\/x64 Firmware Futurenet Vxr\/x86 Firmware Futurenet Wxr-250 Futurenet Wxr-250 Firmware

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-07-17T08:48:33.524Z

Updated: 2024-08-02T03:37:05.246Z

Reserved: 2024-06-06T06:08:00.324Z

Link: CVE-2024-36475

Vulnrichment

Updated: 2024-07-25T19:35:41.992Z

NVD

Status : Modified

Published: 2024-07-17T09:15:03.013

Modified: 2024-11-21T09:22:15.240

Link: CVE-2024-36475

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object