FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.013.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Century Systems Co., Ltd. FutureNet NXR-1300 series affected
Version Status Constraints
firmware version 7.4.9 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-650 affected
Version Status Constraints
firmware version 21.16.1 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-610X series affected
Version Status Constraints
firmware version 21.14.11 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-530 affected
Version Status Constraints
firmware version 21.11.13 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-350/C affected
Version Status Constraints
firmware version 5.30.9 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-230/C affected
Version Status Constraints
firmware version 5.30.12 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-160/LW affected
Version Status Constraints
firmware version 21.8.3 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G200 series affected
Version Status Constraints
firmware version 9.12.15 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G180/L-CA affected
Version Status Constraints
firmware version 21.7.28B and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G120 series affected
Version Status Constraints
firmware version 21.15.2 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G110 series affected
Version Status Constraints
firmware version 21.7.30C and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G100 series affected
Version Status Constraints
firmware version 6.23.10 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G060 series affected
Version Status Constraints
firmware version 21.15.5 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-G050 series affected
Version Status Constraints
firmware version 21.12.9 and earlier affected
Century Systems Co., Ltd. FutureNet VXR/x64 affected
Version Status Constraints
firmware version 21.7.31 and earlier affected
Century Systems Co., Ltd. FutureNet VXR/x86 affected
Version Status Constraints
firmware version 10.1.4 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-1200 affected
Version Status Constraints
firmware version 5.25.21 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-130/C affected
Version Status Constraints
firmware version 5.13.21 and earlier affected
Century Systems Co., Ltd. FutureNet NXR-155/C series affected
Version Status Constraints
firmware version 5.22.5M and earlier affected
Century Systems Co., Ltd. FutureNet NXR-125/CX affected
Version Status Constraints
firmware version 5.25.7H and earlier affected
Century Systems Co., Ltd. FutureNet NXR-120/C affected
Version Status Constraints
firmware version 5.25.7H and earlier affected
Century Systems Co., Ltd. FutureNet WXR-250 affected
Version Status Constraints
firmware version 1.4.7 and earlier affected

Configuration 1 [-]

OR cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Centurysys Subscribe
Futurenet Nxr-1200 Subscribe
Futurenet Nxr-1200 Firmware Subscribe
Futurenet Nxr-120\/c Subscribe
Futurenet Nxr-120\/c Firmware Subscribe
Futurenet Nxr-125\/cx Firmware Subscribe
Futurenet Nxr-1300 Firmware Subscribe
Futurenet Nxr-130\/c Subscribe
Futurenet Nxr-130\/c Firmware Subscribe
Futurenet Nxr-155\/c Firmware Subscribe
Futurenet Nxr-160\/lw Subscribe
Futurenet Nxr-160\/lw Firmware Subscribe
Futurenet Nxr-230\/c Subscribe
Futurenet Nxr-230\/c Firmware Subscribe
Futurenet Nxr-350\/c Subscribe
Futurenet Nxr-350\/c Firmware Subscribe
Futurenet Nxr-530 Subscribe
Futurenet Nxr-530 Firmware Subscribe
Futurenet Nxr-610x Firmware Subscribe
Futurenet Nxr-650 Firmware Subscribe
Futurenet Nxr-g050 Firmware Subscribe
Futurenet Nxr-g060 Firmware Subscribe
Futurenet Nxr-g100 Firmware Subscribe
Futurenet Nxr-g110 Firmware Subscribe
Futurenet Nxr-g120 Firmware Subscribe
Futurenet Nxr-g180\/l-ca Subscribe
Futurenet Nxr-g180\/l-ca Firmware Subscribe
Futurenet Nxr-g200 Firmware Subscribe
Futurenet Vxr-x64 Subscribe
Futurenet Vxr-x86 Subscribe
Futurenet Vxr\/x64 Firmware Subscribe
Futurenet Vxr\/x86 Firmware Subscribe
Futurenet Wxr-250 Subscribe
Futurenet Wxr-250 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2024-36123 FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://jvn.jp/en/vu/JVNVU96424864/ cve-icon cve-icon
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html cve-icon cve-icon
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html cve-icon cve-icon
History

Tue, 01 Apr 2025 05:00:00 +0000

Type Values Removed Values Added
Description FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition. FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

Fri, 27 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Centurysys futurenet Nxr-1200
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Vxr-x64
Centurysys futurenet Vxr-x86
Centurysys futurenet Wxr-250
CPEs cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*
Vendors & Products Centurysys futurenet Nxr-1200
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Vxr-x64
Centurysys futurenet Vxr-x86
Centurysys futurenet Wxr-250

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-04-08T20:43:36.698Z

Reserved: 2024-06-06T06:08:01.273Z

Link: CVE-2024-36491

cve-icon Vulnrichment

Updated: 2024-08-02T03:37:05.269Z

cve-icon NVD

Status : Modified

Published: 2024-07-17T09:15:03.090

Modified: 2025-04-01T05:15:43.447

Link: CVE-2024-36491

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses