CVE-2024-36475

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory
https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware::::::::
	cpe:2.3:o:centurysys:futurenet_vxr-x64::::::::
	cpe:2.3:o:centurysys:futurenet_vxr-x86::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-125\/cx:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-17 09:15

Updated : 2024-11-21 09:22

NVD link : CVE-2024-36475

Mitre link : CVE-2024-36475

CVE.ORG link : CVE-2024-36475

JSON object : View

Products Affected

centurysys

futurenet_nxr-130\/c_firmware
futurenet_nxr-155\/c_firmware
futurenet_nxr-160\/lw_firmware
futurenet_nxr-530
futurenet_nxr-230\/c_firmware
futurenet_nxr-650
futurenet_nxr-350\/c
futurenet_nxr-650_firmware
futurenet_nxr-1300_firmware
futurenet_nxr-1200
futurenet_nxr-g100_firmware
futurenet_nxr-1200_firmware
futurenet_nxr-120\/c_firmware
futurenet_wxr-250_firmware
futurenet_nxr-530_firmware
futurenet_nxr-350\/c_firmware
futurenet_nxr-g180\/l-ca_firmware
futurenet_nxr-160\/lw
futurenet_nxr-g180\/l-ca
futurenet_nxr-g120_firmware
futurenet_nxr-125\/cx_firmware
futurenet_wxr-250
futurenet_nxr-230\/c
futurenet_nxr-120\/c
futurenet_vxr-x64
futurenet_nxr-g200_firmware
futurenet_nxr-g110_firmware
futurenet_nxr-g060_firmware
futurenet_nxr-g050_firmware
futurenet_nxr-125\/cx
futurenet_vxr-x86
futurenet_nxr-130\/c
futurenet_nxr-610x_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-489

Active Debug Code

8.8 /10