Lucene search

JpcertCVE-2024-31070

HistoryJul 17, 2024 - 9:15 a.m.

CVE-2024-31070

2024-07-1709:15:02

CWE-1188

jpcert

web.nvd.nist.gov

futurenet nxr vxr wxr telnet access remote unauthenticated vulnerability

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

Percentile

16.0%

JSON

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.

Affected configurations

Nvd

Vulners

Node

centurysysfuturenet_nxr-1300_firmwareRange<7.4.10

centurysysfuturenet_nxr-155\/c_firmware

centurysysfuturenet_nxr-610x_firmwareRange<21.14.11c

centurysysfuturenet_nxr-g050_firmwareRange<21.12.10

centurysysfuturenet_nxr-g060_firmwareRange<21.15.6

centurysysfuturenet_nxr-g100_firmwareRange<6.23.11

centurysysfuturenet_nxr-g110_firmwareRange<21.7.32

centurysysfuturenet_nxr-g120_firmwareRange<21.15.2c

centurysysfuturenet_nxr-g200_firmwareRange<9.12.16

centurysysfuturenet_vxr-x64Range<21.7.32

centurysysfuturenet_vxr-x86Range<10.1.5

Node

centurysysfuturenet_nxr-160\/lw_firmwareRange<21.8.4

AND

centurysysfuturenet_nxr-160\/lwMatch-

Node

centurysysfuturenet_nxr-230\/c_firmwareRange<5.30.13

AND

centurysysfuturenet_nxr-230\/cMatch-

Node

centurysysfuturenet_nxr-350\/c_firmwareRange<5.30.9c

AND

centurysysfuturenet_nxr-350\/cMatch-

Node

centurysysfuturenet_nxr-530_firmwareRange<21.11.14

AND

centurysysfuturenet_nxr-530Match-

Node

centurysysfuturenet_nxr-650_firmwareRange<21.16.2

AND

centurysysfuturenet_nxr-650_firmware

Node

centurysysfuturenet_nxr-g180\/l-ca_firmwareRange<21.7.28c

AND

centurysysfuturenet_nxr-g180\/l-caMatch-

Node

centurysysfuturenet_nxr-130\/c_firmware

AND

centurysysfuturenet_nxr-130\/cMatch-

Node

centurysysfuturenet_nxr-125\/cx_firmware

AND

centurysysfuturenet_nxr-125\/cx_firmware

Node

centurysysfuturenet_nxr-120\/c_firmware

AND

centurysysfuturenet_nxr-120\/cMatch-

Node

centurysysfuturenet_wxr-250_firmware

AND

centurysysfuturenet_wxr-250Match-

Node

centurysysfuturenet_nxr-1200_firmware

AND

centurysysfuturenet_nxr-1200Match-

VendorProductVersionCPE
centurysysfuturenet_nxr-1300_firmware*cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-155\/c_firmware*cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-610x_firmware*cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g050_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g060_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g100_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g110_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g120_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g200_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_vxr-x64*cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
centurysys	futurenet_nxr-1300_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware::::::::
centurysys	futurenet_nxr-155\/c_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware::::::::
centurysys	futurenet_nxr-610x_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware::::::::
centurysys	futurenet_nxr-g050_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware::::::::
centurysys	futurenet_nxr-g060_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware::::::::
centurysys	futurenet_nxr-g100_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware::::::::
centurysys	futurenet_nxr-g110_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware::::::::
centurysys	futurenet_nxr-g120_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware::::::::
centurysys	futurenet_nxr-g200_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware::::::::
centurysys	futurenet_vxr-x64	*	cpe:2.3:o:centurysys:futurenet_vxr-x64::::::::

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-1300 series",
    "versions": [
      {
        "version": "firmware version 7.4.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-650",
    "versions": [
      {
        "version": "firmware version 21.16.1 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-610X series",
    "versions": [
      {
        "version": "firmware version 21.14.11 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-530",
    "versions": [
      {
        "version": "firmware version 21.11.13 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-350/C",
    "versions": [
      {
        "version": "firmware version 5.30.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-230/C",
    "versions": [
      {
        "version": "firmware version 5.30.12 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-160/LW",
    "versions": [
      {
        "version": "firmware version 21.8.3 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G200 series",
    "versions": [
      {
        "version": "firmware version 9.12.15 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G180/L-CA",
    "versions": [
      {
        "version": "firmware version 21.7.28B and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G120 series",
    "versions": [
      {
        "version": "firmware version 21.15.2 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G110 series",
    "versions": [
      {
        "version": "firmware version 21.7.30C and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G100 series",
    "versions": [
      {
        "version": "firmware version 6.23.10 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G060 series",
    "versions": [
      {
        "version": "firmware version 21.15.5 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G050 series",
    "versions": [
      {
        "version": "firmware version 21.12.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet VXR/x64",
    "versions": [
      {
        "version": "firmware version 21.7.31 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet VXR/x86",
    "versions": [
      {
        "version": "firmware version 10.1.4 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-1200",
    "versions": [
      {
        "version": "firmware version 5.25.21 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-130/C",
    "versions": [
      {
        "version": "firmware version 5.13.21 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-155/C series",
    "versions": [
      {
        "version": "firmware version 5.22.5M and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-125/CX",
    "versions": [
      {
        "version": "firmware version 5.25.7H and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-120/C",
    "versions": [
      {
        "version": "firmware version 5.25.7H and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet WXR-250",
    "versions": [
      {
        "version": "firmware version 1.4.7 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU96424864/

www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2024-31070