{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36475", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-06-06T06:08:00.324Z", "datePublished": "2024-07-17T08:48:33.524Z", "dateUpdated": "2024-08-02T03:37:05.246Z"}, "containers": {"cna": {"affected": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1300 series", "versions": [{"version": "firmware version 7.4.9 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-650", "versions": [{"version": "firmware version 21.16.1 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-610X series", "versions": [{"version": "firmware version 21.14.11 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-530", "versions": [{"version": "firmware version 21.11.13 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-350/C", "versions": [{"version": "firmware version 5.30.9 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-230/C", "versions": [{"version": "firmware version 5.30.12 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-160/LW", "versions": [{"version": "firmware version 21.8.3 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G200 series", "versions": [{"version": "firmware version 9.12.15 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G180/L-CA", "versions": [{"version": "firmware version 21.7.28B and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G120 series", "versions": [{"version": "firmware version 21.15.2 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G110 series", "versions": [{"version": "firmware version 21.7.30C and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100 series", "versions": [{"version": "firmware version 6.23.10 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G060 series", "versions": [{"version": "firmware version 21.15.5 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G050 series", "versions": [{"version": "firmware version 21.12.9 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR/x64", "versions": [{"version": "firmware version 21.7.31 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR/x86", "versions": [{"version": "firmware version 10.1.4 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1200", "versions": [{"version": "firmware version 5.25.21 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-130/C", "versions": [{"version": "firmware version 5.13.21 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C series", "versions": [{"version": "firmware version 5.22.5M and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-125/CX", "versions": [{"version": "firmware version 5.25.7H and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-120/C", "versions": [{"version": "firmware version 5.25.7H and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet WXR-250", "versions": [{"version": "firmware version 1.4.7 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."}], "problemTypes": [{"descriptions": [{"description": "Active debug code", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"}, {"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"}, {"url": "https://jvn.jp/en/vu/JVNVU96424864/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-07-17T08:48:33.524Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-489", "lang": "en", "description": "CWE-489 Active Debug Code"}]}], "affected": [{"vendor": "centurysys", "product": "futurenet_nxr-1300_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.4.9", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-650_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.16.1", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-610x_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.14.11", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-530_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.11.13", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-350\\/c_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.30.9", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-230\\/c_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.30.12", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-160\\/lw_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.8.3", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g200_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "9.12.15", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g180\\/l-ca_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.7.28B", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g120_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.15.2", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g110_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.7.30C", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g100_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.23.10", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g060_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.15.5", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-g050_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.12.9", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_vxr\\/x64_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.7.31", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_vxr\\/x86_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "10.1.4", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-1200_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.25.21", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-130\\/c_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.13.21", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-155\\/c_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.22.5M", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-125\\/cx_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.25.7H", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_nxr-120\\/c_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.25.7H", "versionType": "custom"}]}, {"vendor": "centurysys", "product": "futurenet_wxr-250_firmware", "cpes": ["cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.7", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-25T19:32:43.680364Z", "id": "CVE-2024-36475", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T19:40:17.396Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.246Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html", "tags": ["x_transferred"]}, {"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU96424864/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-36475", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-25T19:32:43.680364Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-1300_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.4.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-650_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.16.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-610x_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.14.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-530_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.11.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-350\\/c_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.30.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-230\\/c_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.30.12"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-160\\/lw_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.8.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g200_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.12.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g180\\/l-ca_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.7.28B"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g120_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.15.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g110_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.7.30C"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g100_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.23.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g060_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.15.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-g050_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.12.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_vxr\\/x64_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "21.7.31"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_vxr\\/x86_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-1200_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.25.21"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-130\\/c_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.13.21"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-155\\/c_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.22.5M"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-125\\/cx_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.25.7H"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_nxr-120\\/c_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.25.7H"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"], "vendor": "centurysys", "product": "futurenet_wxr-250_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.7"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-489", "description": "CWE-489 Active Debug Code"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T19:35:41.992Z"}}], "cna": {"affected": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1300 series", "versions": [{"status": "affected", "version": "firmware version 7.4.9 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-650", "versions": [{"status": "affected", "version": "firmware version 21.16.1 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-610X series", "versions": [{"status": "affected", "version": "firmware version 21.14.11 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-530", "versions": [{"status": "affected", "version": "firmware version 21.11.13 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-350/C", "versions": [{"status": "affected", "version": "firmware version 5.30.9 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-230/C", "versions": [{"status": "affected", "version": "firmware version 5.30.12 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-160/LW", "versions": [{"status": "affected", "version": "firmware version 21.8.3 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G200 series", "versions": [{"status": "affected", "version": "firmware version 9.12.15 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G180/L-CA", "versions": [{"status": "affected", "version": "firmware version 21.7.28B and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G120 series", "versions": [{"status": "affected", "version": "firmware version 21.15.2 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G110 series", "versions": [{"status": "affected", "version": "firmware version 21.7.30C and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100 series", "versions": [{"status": "affected", "version": "firmware version 6.23.10 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G060 series", "versions": [{"status": "affected", "version": "firmware version 21.15.5 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G050 series", "versions": [{"status": "affected", "version": "firmware version 21.12.9 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR/x64", "versions": [{"status": "affected", "version": "firmware version 21.7.31 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR/x86", "versions": [{"status": "affected", "version": "firmware version 10.1.4 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1200", "versions": [{"status": "affected", "version": "firmware version 5.25.21 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-130/C", "versions": [{"status": "affected", "version": "firmware version 5.13.21 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C series", "versions": [{"status": "affected", "version": "firmware version 5.22.5M and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-125/CX", "versions": [{"status": "affected", "version": "firmware version 5.25.7H and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-120/C", "versions": [{"status": "affected", "version": "firmware version 5.25.7H and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet WXR-250", "versions": [{"status": "affected", "version": "firmware version 1.4.7 and earlier"}]}], "references": [{"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"}, {"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"}, {"url": "https://jvn.jp/en/vu/JVNVU96424864/"}], "descriptions": [{"lang": "en", "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Active debug code"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-07-17T08:48:33.524Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36475", "state": "PUBLISHED", "dateUpdated": "2024-07-25T19:40:17.396Z", "dateReserved": "2024-06-06T06:08:00.324Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-07-17T08:48:33.524Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E", "versionEndExcluding": "7.4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB857995-8BB6-43D8-8312-A07A9B0406EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86", "versionEndExcluding": "21.14.11c", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A13E427-5D4C-438F-8138-32CFB0891B4A", "versionEndExcluding": "21.12.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "201D26E0-8485-4BBD-B5CB-AFAB668A3BCB", "versionEndExcluding": "21.15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4236D6DC-2190-4280-9667-DFF95C065800", "versionEndExcluding": "6.23.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C488D0A-3B6E-4C8B-9C05-C68E67A26E51", "versionEndExcluding": "21.7.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4", "versionEndExcluding": "21.15.2c", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7016BF10-A68A-489E-AEE8-92B7CE768190", "versionEndExcluding": "9.12.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4218167-7FDF-4ED7-B776-724504E8E5AF", "versionEndExcluding": "21.7.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*", "matchCriteriaId": "663661B7-9552-4E05-952F-3BD491B30B20", "versionEndExcluding": "10.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2", "versionEndExcluding": "21.8.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-160\\/lw:-:*:*:*:*:*:*:*", "matchCriteriaId": "87410133-A2F3-4592-A808-04AFA816953C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9", "versionEndExcluding": "5.30.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-230\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8FE0C63-8CF3-485C-8E8E-7C39AA07006F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A40EC07-7E1F-40F8-BE4B-DF03ED12E913", "versionEndExcluding": "5.30.9c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-350\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0B53442-E424-4FA2-9049-B66AF2B39200", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7", "versionEndExcluding": "21.11.14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*", "matchCriteriaId": "35845A42-42A5-4042-BCEA-8015F8CB5C37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE", "versionEndExcluding": "21.16.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2A05CBE-5537-496C-BCB9-DEDE5DCB3A70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FE55C1-3266-4183-8DD7-9F73F4B18446", "versionEndExcluding": "21.7.28c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-g180\\/l-ca:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E78D5D52-53FD-4F1A-9B39-F43A6A718082", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-130\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9AE2019-F134-4D0C-991E-613BED91BB7B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-125\\/cx:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B567654-440B-4173-90C8-BE3DFB0447C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "955F9BBA-FDA1-46C5-ACD9-86661D7C6027", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-120\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "44B45729-2265-4DB0-BD01-F133C7B2C857", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "55D6BD64-221C-48A1-8A54-F41BDDE0A199", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "70F6FF8E-4303-4213-9603-B81ACA9CEE8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."}, {"lang": "es", "value": "Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa. Si un usuario que sabe c\u00f3mo utilizar la funci\u00f3n de depuraci\u00f3n inicia sesi\u00f3n en el producto, se puede utilizar la funci\u00f3n de depuraci\u00f3n y se puede ejecutar un comando arbitrario del sistema operativo."}], "id": "CVE-2024-36475", "lastModified": "2024-09-27T17:50:00.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-17T09:15:03.013", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU96424864/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-489"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}