OpenCVE

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Centurysys	Futurenet Nxr-1200 Futurenet Nxr-1200 Firmware Futurenet Nxr-120\/c Futurenet Nxr-120\/c Firmware Futurenet Nxr-125\/cx Futurenet Nxr-125\/cx Firmware Futurenet Nxr-1300 Firmware Futurenet Nxr-130\/c Futurenet Nxr-130\/c Firmware Futurenet Nxr-155\/c Firmware Futurenet Nxr-160\/lw Futurenet Nxr-160\/lw Firmware Futurenet Nxr-230\/c Futurenet Nxr-230\/c Firmware Futurenet Nxr-350\/c Futurenet Nxr-350\/c Firmware Futurenet Nxr-530 Futurenet Nxr-530 Firmware Futurenet Nxr-610x Firmware Futurenet Nxr-650 Futurenet Nxr-650 Firmware Futurenet Nxr-g050 Firmware Futurenet Nxr-g060 Firmware Futurenet Nxr-g100 Firmware Futurenet Nxr-g110 Firmware Futurenet Nxr-g120 Firmware Futurenet Nxr-g180\/l-ca Futurenet Nxr-g180\/l-ca Firmware Futurenet Nxr-g200 Firmware Futurenet Vxr-x64 Futurenet Vxr-x86 Futurenet Vxr\/x64 Firmware Futurenet Vxr\/x86 Firmware Futurenet Wxr-250 Futurenet Wxr-250 Firmware

Configuration 1 [-]

OR	cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_vxr-x64::::::::
	cpe:2.3:o:centurysys:futurenet_vxr-x86::::::::

Configuration 2 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU96424864/
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

History

Fri, 27 Sep 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Centurysys futurenet Nxr-1200 Centurysys futurenet Nxr-120\/c Centurysys futurenet Nxr-125\/cx Centurysys futurenet Nxr-130\/c Centurysys futurenet Nxr-160\/lw Centurysys futurenet Nxr-230\/c Centurysys futurenet Nxr-350\/c Centurysys futurenet Nxr-530 Centurysys futurenet Nxr-650 Centurysys futurenet Nxr-g180\/l-ca Centurysys futurenet Vxr-x64 Centurysys futurenet Vxr-x86 Centurysys futurenet Wxr-250
Weaknesses		CWE-78
CPEs		cpe:2.3:h:centurysys:futurenet_nxr-1200:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-530:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-650:-:::::::* cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:::::::* cpe:2.3:h:centurysys:futurenet_wxr-250:-:::::::* cpe:2.3:o:centurysys:futurenet_vxr-x64:::::::: cpe:2.3:o:centurysys:futurenet_vxr-x86::::::::
Vendors & Products		Centurysys futurenet Nxr-1200 Centurysys futurenet Nxr-120\/c Centurysys futurenet Nxr-125\/cx Centurysys futurenet Nxr-130\/c Centurysys futurenet Nxr-160\/lw Centurysys futurenet Nxr-230\/c Centurysys futurenet Nxr-350\/c Centurysys futurenet Nxr-530 Centurysys futurenet Nxr-650 Centurysys futurenet Nxr-g180\/l-ca Centurysys futurenet Vxr-x64 Centurysys futurenet Vxr-x86 Centurysys futurenet Wxr-250

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-07-17T08:48:33.524Z

Updated: 2024-08-02T03:37:05.246Z

Reserved: 2024-06-06T06:08:00.324Z

Link: CVE-2024-36475

Vulnrichment

Updated: 2024-07-25T19:35:41.992Z

NVD

Status : Modified

Published: 2024-07-17T09:15:03.013

Modified: 2024-11-21T09:22:15.240

Link: CVE-2024-36475

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object