CVE-2024-36475 (GCVE-0-2024-36475)
Vulnerability from cvelistv5 – Published: 2024-07-17 08:48 – Updated: 2024-08-02 03:37
VLAI?
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Severity ?
7.2 (High)
CWE
- Active debug code
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Affected:
firmware version 7.4.9 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:32:43.680364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:40:17.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Active debug code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:48:33.524Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36475",
"datePublished": "2024-07-17T08:48:33.524Z",
"dateReserved": "2024-06-06T06:08:00.324Z",
"dateUpdated": "2024-08-02T03:37:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.10\", \"matchCriteriaId\": \"93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB857995-8BB6-43D8-8312-A07A9B0406EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.14.11c\", \"matchCriteriaId\": \"DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.12.10\", \"matchCriteriaId\": \"0A13E427-5D4C-438F-8138-32CFB0891B4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.15.6\", \"matchCriteriaId\": \"201D26E0-8485-4BBD-B5CB-AFAB668A3BCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.23.11\", \"matchCriteriaId\": \"4236D6DC-2190-4280-9667-DFF95C065800\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.7.32\", \"matchCriteriaId\": \"1C488D0A-3B6E-4C8B-9C05-C68E67A26E51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.15.2c\", \"matchCriteriaId\": \"10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.12.16\", \"matchCriteriaId\": \"7016BF10-A68A-489E-AEE8-92B7CE768190\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.7.32\", \"matchCriteriaId\": \"C4218167-7FDF-4ED7-B776-724504E8E5AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.1.5\", \"matchCriteriaId\": \"663661B7-9552-4E05-952F-3BD491B30B20\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.8.4\", \"matchCriteriaId\": \"A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-160\\\\/lw:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87410133-A2F3-4592-A808-04AFA816953C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.30.13\", \"matchCriteriaId\": \"85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-230\\\\/c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8FE0C63-8CF3-485C-8E8E-7C39AA07006F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.30.9c\", \"matchCriteriaId\": \"6A40EC07-7E1F-40F8-BE4B-DF03ED12E913\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-350\\\\/c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0B53442-E424-4FA2-9049-B66AF2B39200\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.11.14\", \"matchCriteriaId\": \"CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35845A42-42A5-4042-BCEA-8015F8CB5C37\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.16.2\", \"matchCriteriaId\": \"DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A05CBE-5537-496C-BCB9-DEDE5DCB3A70\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.7.28c\", \"matchCriteriaId\": \"58FE55C1-3266-4183-8DD7-9F73F4B18446\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-g180\\\\/l-ca:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E78D5D52-53FD-4F1A-9B39-F43A6A718082\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-130\\\\/c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9AE2019-F134-4D0C-991E-613BED91BB7B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-125\\\\/cx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B567654-440B-4173-90C8-BE3DFB0447C7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"955F9BBA-FDA1-46C5-ACD9-86661D7C6027\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-120\\\\/c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44B45729-2265-4DB0-BD01-F133C7B2C857\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55D6BD64-221C-48A1-8A54-F41BDDE0A199\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70F6FF8E-4303-4213-9603-B81ACA9CEE8E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"}, {\"lang\": \"es\", \"value\": \"Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de c\\u00f3digo de depuraci\\u00f3n activa. Si un usuario que sabe c\\u00f3mo utilizar la funci\\u00f3n de depuraci\\u00f3n inicia sesi\\u00f3n en el producto, se puede utilizar la funci\\u00f3n de depuraci\\u00f3n y se puede ejecutar un comando arbitrario del sistema operativo.\"}]",
"id": "CVE-2024-36475",
"lastModified": "2024-11-21T09:22:15.240",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2024-07-17T09:15:03.013",
"references": "[{\"url\": \"https://jvn.jp/en/vu/JVNVU96424864/\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/vu/JVNVU96424864/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-489\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36475\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-07-17T09:15:03.013\",\"lastModified\":\"2024-11-21T09:22:15.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"},{\"lang\":\"es\",\"value\":\"Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa. Si un usuario que sabe c\u00f3mo utilizar la funci\u00f3n de depuraci\u00f3n inicia sesi\u00f3n en el producto, se puede utilizar la funci\u00f3n de depuraci\u00f3n y se puede ejecutar un comando arbitrario del sistema operativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-489\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.10\",\"matchCriteriaId\":\"93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB857995-8BB6-43D8-8312-A07A9B0406EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.14.11c\",\"matchCriteriaId\":\"DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.12.10\",\"matchCriteriaId\":\"0A13E427-5D4C-438F-8138-32CFB0891B4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.15.6\",\"matchCriteriaId\":\"201D26E0-8485-4BBD-B5CB-AFAB668A3BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.23.11\",\"matchCriteriaId\":\"4236D6DC-2190-4280-9667-DFF95C065800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.32\",\"matchCriteriaId\":\"1C488D0A-3B6E-4C8B-9C05-C68E67A26E51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.15.2c\",\"matchCriteriaId\":\"10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.12.16\",\"matchCriteriaId\":\"7016BF10-A68A-489E-AEE8-92B7CE768190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.32\",\"matchCriteriaId\":\"C4218167-7FDF-4ED7-B776-724504E8E5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1.5\",\"matchCriteriaId\":\"663661B7-9552-4E05-952F-3BD491B30B20\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.8.4\",\"matchCriteriaId\":\"A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-160\\\\/lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87410133-A2F3-4592-A808-04AFA816953C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.30.13\",\"matchCriteriaId\":\"85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-230\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FE0C63-8CF3-485C-8E8E-7C39AA07006F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.30.9c\",\"matchCriteriaId\":\"6A40EC07-7E1F-40F8-BE4B-DF03ED12E913\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-350\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B53442-E424-4FA2-9049-B66AF2B39200\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.11.14\",\"matchCriteriaId\":\"CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35845A42-42A5-4042-BCEA-8015F8CB5C37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.16.2\",\"matchCriteriaId\":\"DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A05CBE-5537-496C-BCB9-DEDE5DCB3A70\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.28c\",\"matchCriteriaId\":\"58FE55C1-3266-4183-8DD7-9F73F4B18446\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-g180\\\\/l-ca:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78D5D52-53FD-4F1A-9B39-F43A6A718082\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-130\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AE2019-F134-4D0C-991E-613BED91BB7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-125\\\\/cx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B567654-440B-4173-90C8-BE3DFB0447C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955F9BBA-FDA1-46C5-ACD9-86661D7C6027\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-120\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B45729-2265-4DB0-BD01-F133C7B2C857\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D6BD64-221C-48A1-8A54-F41BDDE0A199\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F6FF8E-4303-4213-9603-B81ACA9CEE8E\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU96424864/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/vu/JVNVU96424864/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36475\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-25T19:32:43.680364Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-1300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.4.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-650_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.16.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-610x_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.14.11\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-530_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.11.13\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-350\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.30.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-230\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.30.12\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-160\\\\/lw_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.8.3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.12.15\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g180\\\\/l-ca_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.28B\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g120_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.15.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g110_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.30C\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g100_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.23.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g060_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.15.5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g050_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.12.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_vxr\\\\/x64_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_vxr\\\\/x64_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.31\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_vxr\\\\/x86_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_vxr\\\\/x86_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-1200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.21\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-130\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.13.21\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-155\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.22.5M\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-125\\\\/cx_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.7H\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-120\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.7H\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_wxr-250_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.7\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-489\", \"description\": \"CWE-489 Active Debug Code\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-25T19:35:41.992Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-1300 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 7.4.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-650\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.16.1 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-610X series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.14.11 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-530\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.11.13 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-350/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.30.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-230/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.30.12 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-160/LW\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.8.3 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G200 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 9.12.15 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G180/L-CA\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.28B and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G120 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.15.2 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G110 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.30C and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G100 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 6.23.10 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G060 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.15.5 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G050 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.12.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet VXR/x64\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.31 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet VXR/x86\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 10.1.4 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.21 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-130/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.13.21 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-155/C series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.22.5M and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-125/CX\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.7H and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-120/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.7H and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet WXR-250\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 1.4.7 and earlier\"}]}], \"references\": [{\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\"}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU96424864/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Active debug code\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-07-17T08:48:33.524Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-36475\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-25T19:40:17.396Z\", \"dateReserved\": \"2024-06-06T06:08:00.324Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-07-17T08:48:33.524Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…