FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00507.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Century Systems Co., Ltd. FutureNet NXR-1300 series affected
Version Status Constraints
firmware version 7.4.9 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-650 affected
Version Status Constraints
firmware version 21.16.1 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-610X series affected
Version Status Constraints
firmware version 21.14.11 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-530 affected
Version Status Constraints
firmware version 21.11.13 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-350/C affected
Version Status Constraints
firmware version 5.30.9 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-230/C affected
Version Status Constraints
firmware version 5.30.12 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-160/LW affected
Version Status Constraints
firmware version 21.8.3 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G200 series affected
Version Status Constraints
firmware version 9.12.15 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G180/L-CA affected
Version Status Constraints
firmware version 21.7.28B and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G120 series affected
Version Status Constraints
firmware version 21.15.2 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G110 series affected
Version Status Constraints
firmware version 21.7.30C and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G100 series affected
Version Status Constraints
firmware version 6.23.10 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G060 series affected
Version Status Constraints
firmware version 21.15.5 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G050 series affected
Version Status Constraints
firmware version 21.12.9 and earlier affected
Century Systems Co., Ltd. FutureNet VXR/x64 affected
Version Status Constraints
firmware version 21.7.31 and earlier affected
Century Systems Co., Ltd. FutureNet VXR/x86 affected
Version Status Constraints
firmware version 10.1.4 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-1200 affected
Version Status Constraints
firmware version 5.25.21 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-130/C affected
Version Status Constraints
firmware version 5.13.21 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-155/C series affected
Version Status Constraints
firmware version 5.22.5M and earlier affected
Century Systems Co., Ltd. FutureNet NXR-125/CX affected
Version Status Constraints
firmware version 5.25.7H and earlier affected
Century Systems Co., Ltd. FutureNet NXR-120/C affected
Version Status Constraints
firmware version 5.25.7H and earlier affected
Century Systems Co., Ltd. FutureNet WXR-250 affected
Version Status Constraints
firmware version 1.4.7 and earlier affected

Configuration 1 [-]

OR cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Centurysys Subscribe
Futurenet Nxr-1200 Subscribe
Futurenet Nxr-1200 Firmware Subscribe
Futurenet Nxr-120\/c Subscribe
Futurenet Nxr-120\/c Firmware Subscribe
Futurenet Nxr-125\/cx Subscribe
Futurenet Nxr-125\/cx Firmware Subscribe
Futurenet Nxr-1300 Firmware Subscribe
Futurenet Nxr-130\/c Subscribe
Futurenet Nxr-130\/c Firmware Subscribe
Futurenet Nxr-155\/c Firmware Subscribe
Futurenet Nxr-160\/lw Subscribe
Futurenet Nxr-160\/lw Firmware Subscribe
Futurenet Nxr-230\/c Subscribe
Futurenet Nxr-230\/c Firmware Subscribe
Futurenet Nxr-350\/c Subscribe
Futurenet Nxr-350\/c Firmware Subscribe
Futurenet Nxr-530 Subscribe
Futurenet Nxr-530 Firmware Subscribe
Futurenet Nxr-610x Firmware Subscribe
Futurenet Nxr-650 Subscribe
Futurenet Nxr-650 Firmware Subscribe
Futurenet Nxr-g050 Firmware Subscribe
Futurenet Nxr-g060 Firmware Subscribe
Futurenet Nxr-g100 Firmware Subscribe
Futurenet Nxr-g110 Firmware Subscribe
Futurenet Nxr-g120 Firmware Subscribe
Futurenet Nxr-g180\/l-ca Subscribe
Futurenet Nxr-g180\/l-ca Firmware Subscribe
Futurenet Nxr-g200 Firmware Subscribe
Futurenet Vxr-x64 Subscribe
Futurenet Vxr-x86 Subscribe
Futurenet Vxr\/x64 Firmware Subscribe
Futurenet Vxr\/x86 Firmware Subscribe
Futurenet Wxr-250 Subscribe
Futurenet Wxr-250 Firmware Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://jvn.jp/en/vu/JVNVU96424864/ cve-icon cve-icon
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html cve-icon cve-icon
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html cve-icon cve-icon
History

Fri, 27 Sep 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Centurysys futurenet Nxr-1200
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-125\/cx
Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-650
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Vxr-x64
Centurysys futurenet Vxr-x86
Centurysys futurenet Wxr-250
Weaknesses CWE-78
CPEs cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*
Vendors & Products Centurysys futurenet Nxr-1200
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-125\/cx
Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-650
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Vxr-x64
Centurysys futurenet Vxr-x86
Centurysys futurenet Wxr-250

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2024-08-02T03:37:05.246Z

Reserved: 2024-06-06T06:08:00.324Z

Link: CVE-2024-36475

cve-icon Vulnrichment

Updated: 2024-07-25T19:35:41.992Z

cve-icon NVD

Status : Modified

Published: 2024-07-17T09:15:03.013

Modified: 2024-11-21T09:22:15.240

Link: CVE-2024-36475

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses