cvelistv5 - cve-2024-36475

cve-2024-36475

Vulnerability from cvelistv5

Published

2024-07-17 08:48

Modified

2024-08-02 03:37

Severity

7.2 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

References

Source	URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU96424864/
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

Impacted products

Vendor	Product
Century Systems Co., Ltd.	FutureNet NXR-1300 series
Century Systems Co., Ltd.	FutureNet NXR-650
Century Systems Co., Ltd.	FutureNet NXR-610X series
Century Systems Co., Ltd.	FutureNet NXR-530
Century Systems Co., Ltd.	FutureNet NXR-350/C
Century Systems Co., Ltd.	FutureNet NXR-230/C
Century Systems Co., Ltd.	FutureNet NXR-160/LW
Century Systems Co., Ltd.	FutureNet NXR-G200 series
Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
Century Systems Co., Ltd.	FutureNet NXR-G120 series
Century Systems Co., Ltd.	FutureNet NXR-G110 series
Century Systems Co., Ltd.	FutureNet NXR-G100 series
Century Systems Co., Ltd.	FutureNet NXR-G060 series
Century Systems Co., Ltd.	FutureNet NXR-G050 series
Century Systems Co., Ltd.	FutureNet VXR/x64
Century Systems Co., Ltd.	FutureNet VXR/x86
Century Systems Co., Ltd.	FutureNet NXR-1200
Century Systems Co., Ltd.	FutureNet NXR-130/C
Century Systems Co., Ltd.	FutureNet NXR-155/C series
Century Systems Co., Ltd.	FutureNet NXR-125/CX
Century Systems Co., Ltd.	FutureNet NXR-120/C
Century Systems Co., Ltd.	FutureNet WXR-250

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-1300_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "7.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-650_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.16.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-610x_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.14.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-530_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.11.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-350\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.30.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-230\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.30.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-160\\/lw_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.8.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g200_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "9.12.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g180\\/l-ca_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.28B",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g120_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.15.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g110_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.30C",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g100_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "6.23.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g060_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.15.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g050_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.12.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_vxr\\/x64_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.31",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_vxr\\/x86_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "10.1.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-1200_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-130\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.13.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-155\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.22.5M",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-125\\/cx_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.7H",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-120\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.7H",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_wxr-250_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "1.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T19:32:43.680364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-489",
                "description": "CWE-489 Active Debug Code",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T19:40:17.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU96424864/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FutureNet NXR-1300 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 7.4.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-650",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.16.1 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-610X series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.14.11 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-530",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.11.13 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-350/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-230/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.12 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-160/LW",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.8.3 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G200 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 9.12.15 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G180/L-CA",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.28B and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G120 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.2 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G110 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.30C and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 6.23.10 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G060 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.5 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G050 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.12.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR/x64",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.31 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR/x86",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 10.1.4 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-1200",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.21 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-130/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.13.21 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-155/C series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.22.5M and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-125/CX",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.7H and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-120/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.7H and earlier"
            }
          ]
        },
        {
          "product": "FutureNet WXR-250",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.4.7 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Active debug code",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T08:48:33.524Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
        },
        {
          "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU96424864/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-36475",
    "datePublished": "2024-07-17T08:48:33.524Z",
    "dateReserved": "2024-06-06T06:08:00.324Z",
    "dateUpdated": "2024-08-02T03:37:05.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36475\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-07-17T09:15:03.013\",\"lastModified\":\"2024-08-01T13:52:54.403\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"},{\"lang\":\"es\",\"value\":\"Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa. Si un usuario que sabe c\u00f3mo utilizar la funci\u00f3n de depuraci\u00f3n inicia sesi\u00f3n en el producto, se puede utilizar la funci\u00f3n de depuraci\u00f3n y se puede ejecutar un comando arbitrario del sistema operativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-489\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU96424864/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\",\"source\":\"vultures@jpcert.or.jp\"}]}}"
  }
}

ghsa-hx98-fgmp-472p

Vulnerability from github

Published

2024-07-17 09:30

Modified

2024-08-01 15:32

Severity

7.2 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-489"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-17T09:15:03Z",
    "severity": "HIGH"
  },
  "details": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.",
  "id": "GHSA-hx98-fgmp-472p",
  "modified": "2024-08-01T15:32:05Z",
  "published": "2024-07-17T09:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36475"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU96424864"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-36475

Vulnerability from jvndb

Published

2024-07-29 17:51

Modified

2024-07-29 17:51

Severity

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Details

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) CVE-2024-31070 * Active Debug Code (CWE-489) CVE-2024-36475 * OS Command Injection (CWE-78) CVE-2024-36491 * Buffer Overflow (CWE-120) CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

References

Type	URL
JVN	https://jvn.jp/en/vu/JVNVU96424864/index.html
CVE	https://www.cve.org/CVERecord?id=CVE-2024-31070
CVE	https://www.cve.org/CVERecord?id=CVE-2024-36475
CVE	https://www.cve.org/CVERecord?id=CVE-2024-36491
CVE	https://www.cve.org/CVERecord?id=CVE-2020-10188
Insecure Default Initialization of Resource(CWE-1188)	https://cwe.mitre.org/data/definitions/1188.html
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
Active Debug Code(CWE-489)	https://cwe.mitre.org/data/definitions/489.html
OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Century Systems Co., Ltd.	FutureNet NXR-120/C
Century Systems Co., Ltd.	FutureNet NXR-1200
Century Systems Co., Ltd.	FutureNet NXR-125/CX
Century Systems Co., Ltd.	FutureNet NXR-130/C
Century Systems Co., Ltd.	FutureNet NXR-1300 series
Century Systems Co., Ltd.	FutureNet NXR-155/C series
Century Systems Co., Ltd.	FutureNet NXR-160/LW
Century Systems Co., Ltd.	FutureNet NXR-230/C
Century Systems Co., Ltd.	FutureNet NXR-350/C
Century Systems Co., Ltd.	FutureNet NXR-530
Century Systems Co., Ltd.	FutureNet NXR-610X series
Century Systems Co., Ltd.	FutureNet NXR-650
Century Systems Co., Ltd.	FutureNet NXR-G050 series
Century Systems Co., Ltd.	FutureNet NXR-G060 series
Century Systems Co., Ltd.	FutureNet NXR-G100 series
Century Systems Co., Ltd.	FutureNet NXR-G110 series
Century Systems Co., Ltd.	FutureNet NXR-G120 series
Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
Century Systems Co., Ltd.	FutureNet NXR-G200 series
Century Systems Co., Ltd.	FutureNet VXR/x64
Century Systems Co., Ltd.	FutureNet VXR/x86
Century Systems Co., Ltd.	FutureNet WXR-250

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "dc:date": "2024-07-29T17:51+09:00",
  "dcterms:issued": "2024-07-29T17:51+09:00",
  "dcterms:modified": "2024-07-29T17:51+09:00",
  "description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n  * Initialization of a Resource with an Insecure Default (CWE-1188)\r\nCVE-2024-31070\r\n  * Active Debug Code (CWE-489)\r\nCVE-2024-36475\r\n  * OS Command Injection (CWE-78)\r\nCVE-2024-36491\r\n  * Buffer Overflow (CWE-120)\r\nCVE-2020-10188\r\nThe product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
      "@product": "FutureNet NXR-120/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1200",
      "@product": "FutureNet NXR-1200",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
      "@product": "FutureNet NXR-125/CX",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
      "@product": "FutureNet NXR-130/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1300",
      "@product": "FutureNet NXR-1300 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
      "@product": "FutureNet NXR-155/C series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
      "@product": "FutureNet NXR-160/LW",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
      "@product": "FutureNet NXR-230/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
      "@product": "FutureNet NXR-350/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-530",
      "@product": "FutureNet NXR-530",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-610x",
      "@product": "FutureNet NXR-610X series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-650",
      "@product": "FutureNet NXR-650",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g050",
      "@product": "FutureNet NXR-G050 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g060",
      "@product": "FutureNet NXR-G060 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g100",
      "@product": "FutureNet NXR-G100 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g110",
      "@product": "FutureNet NXR-G110 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g120",
      "@product": "FutureNet NXR-G120 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
      "@product": "FutureNet NXR-G180/L-CA",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g200",
      "@product": "FutureNet NXR-G200 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x64",
      "@product": "FutureNet VXR/x64",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x86",
      "@product": "FutureNet VXR/x86",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_wxr-250",
      "@product": "FutureNet WXR-250",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-004595",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
      "@id": "JVNVU#96424864",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
      "@id": "CVE-2024-31070",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
      "@id": "CVE-2024-36475",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
      "@id": "CVE-2024-36491",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1188.html",
      "@id": "CWE-1188",
      "@title": "Insecure Default Initialization of Resource(CWE-1188)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series"
}

Action not permitted

cve-2024-36475

Vulnerability from cvelistv5

ghsa-hx98-fgmp-472p

Vulnerability from github

cve-2024-36475

Vulnerability from jvndb

Tags