Lucene search

JpcertCVE-2024-36491

HistoryJul 17, 2024 - 9:15 a.m.

CVE-2024-36491

2024-07-1709:15:03

CWE-78

jpcert

web.nvd.nist.gov

futurenet

century systems

remote execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

16.3%

JSON

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.

Affected configurations

Nvd

Vulners

Node

centurysysfuturenet_nxr-1300_firmwareRange<7.4.10

centurysysfuturenet_nxr-155\/c_firmware

centurysysfuturenet_nxr-610x_firmwareRange<21.14.11c

centurysysfuturenet_nxr-g050_firmwareRange<21.12.10

centurysysfuturenet_nxr-g060_firmwareRange<21.15.6

centurysysfuturenet_nxr-g100_firmwareRange<6.23.11

centurysysfuturenet_nxr-g110_firmwareRange<21.7.32

centurysysfuturenet_nxr-g120_firmwareRange<21.15.2c

centurysysfuturenet_nxr-g200_firmwareRange<9.12.16

centurysysfuturenet_vxr-x64Range<21.7.32

centurysysfuturenet_vxr-x86Range<10.1.5

Node

centurysysfuturenet_nxr-160\/lw_firmwareRange<21.8.4

AND

centurysysfuturenet_nxr-160\/lwMatch-

Node

centurysysfuturenet_nxr-230\/c_firmwareRange<5.30.13

AND

centurysysfuturenet_nxr-230\/cMatch-

Node

centurysysfuturenet_nxr-350\/c_firmwareRange<5.30.9c

AND

centurysysfuturenet_nxr-350\/cMatch-

Node

centurysysfuturenet_nxr-530_firmwareRange<21.11.14

AND

centurysysfuturenet_nxr-530Match-

Node

centurysysfuturenet_nxr-650_firmwareRange<21.16.2

AND

centurysysfuturenet_nxr-650_firmware

Node

centurysysfuturenet_nxr-g180\/l-ca_firmwareRange<21.7.28c

AND

centurysysfuturenet_nxr-g180\/l-caMatch-

Node

centurysysfuturenet_nxr-130\/c_firmware

AND

centurysysfuturenet_nxr-130\/cMatch-

Node

centurysysfuturenet_nxr-125\/cx_firmware

AND

centurysysfuturenet_nxr-125\/cx_firmware

Node

centurysysfuturenet_nxr-120\/c_firmware

AND

centurysysfuturenet_nxr-120\/cMatch-

Node

centurysysfuturenet_wxr-250_firmware

AND

centurysysfuturenet_wxr-250Match-

Node

centurysysfuturenet_nxr-1200_firmware

AND

centurysysfuturenet_nxr-1200Match-

VendorProductVersionCPE
centurysysfuturenet_nxr-1300_firmware*cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-155\/c_firmware*cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-610x_firmware*cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g050_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g060_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g100_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g110_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g120_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_nxr-g200_firmware*cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
centurysysfuturenet_vxr-x64*cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
centurysys	futurenet_nxr-1300_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware::::::::
centurysys	futurenet_nxr-155\/c_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware::::::::
centurysys	futurenet_nxr-610x_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware::::::::
centurysys	futurenet_nxr-g050_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware::::::::
centurysys	futurenet_nxr-g060_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware::::::::
centurysys	futurenet_nxr-g100_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware::::::::
centurysys	futurenet_nxr-g110_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware::::::::
centurysys	futurenet_nxr-g120_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware::::::::
centurysys	futurenet_nxr-g200_firmware	*	cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware::::::::
centurysys	futurenet_vxr-x64	*	cpe:2.3:o:centurysys:futurenet_vxr-x64::::::::

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-1300 series",
    "versions": [
      {
        "version": "firmware version 7.4.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-650",
    "versions": [
      {
        "version": "firmware version 21.16.1 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-610X series",
    "versions": [
      {
        "version": "firmware version 21.14.11 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-530",
    "versions": [
      {
        "version": "firmware version 21.11.13 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-350/C",
    "versions": [
      {
        "version": "firmware version 5.30.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-230/C",
    "versions": [
      {
        "version": "firmware version 5.30.12 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-160/LW",
    "versions": [
      {
        "version": "firmware version 21.8.3 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G200 series",
    "versions": [
      {
        "version": "firmware version 9.12.15 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G180/L-CA",
    "versions": [
      {
        "version": "firmware version 21.7.28B and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G120 series",
    "versions": [
      {
        "version": "firmware version 21.15.2 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G110 series",
    "versions": [
      {
        "version": "firmware version 21.7.30C and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G100 series",
    "versions": [
      {
        "version": "firmware version 6.23.10 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G060 series",
    "versions": [
      {
        "version": "firmware version 21.15.5 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-G050 series",
    "versions": [
      {
        "version": "firmware version 21.12.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet VXR/x64",
    "versions": [
      {
        "version": "firmware version 21.7.31 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet VXR/x86",
    "versions": [
      {
        "version": "firmware version 10.1.4 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-1200",
    "versions": [
      {
        "version": "firmware version 5.25.21 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-130/C",
    "versions": [
      {
        "version": "firmware version 5.13.21 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-155/C series",
    "versions": [
      {
        "version": "firmware version 5.22.5M and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-125/CX",
    "versions": [
      {
        "version": "firmware version 5.25.7H and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet NXR-120/C",
    "versions": [
      {
        "version": "firmware version 5.25.7H and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Century Systems Co., Ltd.",
    "product": "FutureNet WXR-250",
    "versions": [
      {
        "version": "firmware version 1.4.7 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU96424864/

www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

16.3%

JSON

Related for CVE-2024-36491