cvelistv5 - cve-2024-36475

cve-2024-36475

Vulnerability from cvelistv5

Published

2024-07-17 08:48

Modified

2024-08-02 03:37

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory

Impacted products

▼	Vendor	Product
	Century Systems Co., Ltd.	FutureNet NXR-1300 series
	Century Systems Co., Ltd.	FutureNet NXR-650
	Century Systems Co., Ltd.	FutureNet NXR-610X series
	Century Systems Co., Ltd.	FutureNet NXR-530
	Century Systems Co., Ltd.	FutureNet NXR-350/C
	Century Systems Co., Ltd.	FutureNet NXR-230/C
	Century Systems Co., Ltd.	FutureNet NXR-160/LW
	Century Systems Co., Ltd.	FutureNet NXR-G200 series
	Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
	Century Systems Co., Ltd.	FutureNet NXR-G120 series
	Century Systems Co., Ltd.	FutureNet NXR-G110 series
	Century Systems Co., Ltd.	FutureNet NXR-G100 series
	Century Systems Co., Ltd.	FutureNet NXR-G060 series
	Century Systems Co., Ltd.	FutureNet NXR-G050 series
	Century Systems Co., Ltd.	FutureNet VXR/x64
	Century Systems Co., Ltd.	FutureNet VXR/x86
	Century Systems Co., Ltd.	FutureNet NXR-1200
	Century Systems Co., Ltd.	FutureNet NXR-130/C
	Century Systems Co., Ltd.	FutureNet NXR-155/C series
	Century Systems Co., Ltd.	FutureNet NXR-125/CX
	Century Systems Co., Ltd.	FutureNet NXR-120/C
	Century Systems Co., Ltd.	FutureNet WXR-250

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-1300_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "7.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-650_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.16.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-610x_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.14.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-530_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.11.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-350\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.30.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-230\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.30.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-160\\/lw_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.8.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g200_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "9.12.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g180\\/l-ca_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.28B",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g120_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.15.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g110_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.30C",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g100_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "6.23.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g060_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.15.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g050_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.12.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_vxr\\/x64_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.31",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_vxr\\/x86_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "10.1.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-1200_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-130\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.13.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-155\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.22.5M",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-125\\/cx_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.7H",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-120\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.7H",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_wxr-250_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "1.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T19:32:43.680364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-489",
                "description": "CWE-489 Active Debug Code",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T19:40:17.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU96424864/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FutureNet NXR-1300 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 7.4.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-650",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.16.1 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-610X series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.14.11 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-530",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.11.13 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-350/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-230/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.12 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-160/LW",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.8.3 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G200 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 9.12.15 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G180/L-CA",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.28B and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G120 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.2 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G110 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.30C and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 6.23.10 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G060 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.5 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G050 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.12.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR/x64",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.31 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR/x86",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 10.1.4 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-1200",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.21 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-130/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.13.21 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-155/C series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.22.5M and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-125/CX",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.7H and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-120/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.7H and earlier"
            }
          ]
        },
        {
          "product": "FutureNet WXR-250",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.4.7 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Active debug code",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T08:48:33.524Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
        },
        {
          "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU96424864/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-36475",
    "datePublished": "2024-07-17T08:48:33.524Z",
    "dateReserved": "2024-06-06T06:08:00.324Z",
    "dateUpdated": "2024-08-02T03:37:05.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36475\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-07-17T09:15:03.013\",\"lastModified\":\"2024-09-27T17:50:00.430\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"},{\"lang\":\"es\",\"value\":\"Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa. Si un usuario que sabe c\u00f3mo utilizar la funci\u00f3n de depuraci\u00f3n inicia sesi\u00f3n en el producto, se puede utilizar la funci\u00f3n de depuraci\u00f3n y se puede ejecutar un comando arbitrario del sistema operativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-489\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.10\",\"matchCriteriaId\":\"93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB857995-8BB6-43D8-8312-A07A9B0406EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.14.11c\",\"matchCriteriaId\":\"DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.12.10\",\"matchCriteriaId\":\"0A13E427-5D4C-438F-8138-32CFB0891B4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.15.6\",\"matchCriteriaId\":\"201D26E0-8485-4BBD-B5CB-AFAB668A3BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.23.11\",\"matchCriteriaId\":\"4236D6DC-2190-4280-9667-DFF95C065800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.32\",\"matchCriteriaId\":\"1C488D0A-3B6E-4C8B-9C05-C68E67A26E51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.15.2c\",\"matchCriteriaId\":\"10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.12.16\",\"matchCriteriaId\":\"7016BF10-A68A-489E-AEE8-92B7CE768190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.32\",\"matchCriteriaId\":\"C4218167-7FDF-4ED7-B776-724504E8E5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1.5\",\"matchCriteriaId\":\"663661B7-9552-4E05-952F-3BD491B30B20\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.8.4\",\"matchCriteriaId\":\"A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-160\\\\/lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87410133-A2F3-4592-A808-04AFA816953C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.30.13\",\"matchCriteriaId\":\"85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-230\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FE0C63-8CF3-485C-8E8E-7C39AA07006F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.30.9c\",\"matchCriteriaId\":\"6A40EC07-7E1F-40F8-BE4B-DF03ED12E913\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-350\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B53442-E424-4FA2-9049-B66AF2B39200\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.11.14\",\"matchCriteriaId\":\"CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35845A42-42A5-4042-BCEA-8015F8CB5C37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.16.2\",\"matchCriteriaId\":\"DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A05CBE-5537-496C-BCB9-DEDE5DCB3A70\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.28c\",\"matchCriteriaId\":\"58FE55C1-3266-4183-8DD7-9F73F4B18446\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-g180\\\\/l-ca:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78D5D52-53FD-4F1A-9B39-F43A6A718082\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-130\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AE2019-F134-4D0C-991E-613BED91BB7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-125\\\\/cx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B567654-440B-4173-90C8-BE3DFB0447C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955F9BBA-FDA1-46C5-ACD9-86661D7C6027\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-120\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B45729-2265-4DB0-BD01-F133C7B2C857\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D6BD64-221C-48A1-8A54-F41BDDE0A199\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F6FF8E-4303-4213-9603-B81ACA9CEE8E\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU96424864/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

cve-2024-36475

Vulnerability from jvndb

Published

2024-07-29 17:51

Modified

2024-07-29 17:51

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Details

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) CVE-2024-31070 * Active Debug Code (CWE-489) CVE-2024-36475 * OS Command Injection (CWE-78) CVE-2024-36491 * Buffer Overflow (CWE-120) CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU96424864/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31070
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36475
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36491
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-10188
	Insecure Default Initialization of Resource(CWE-1188)	https://cwe.mitre.org/data/definitions/1188.html
	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
	Active Debug Code(CWE-489)	https://cwe.mitre.org/data/definitions/489.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Century Systems Co., Ltd.	FutureNet NXR-120/C
	Century Systems Co., Ltd.	FutureNet NXR-1200
	Century Systems Co., Ltd.	FutureNet NXR-125/CX
	Century Systems Co., Ltd.	FutureNet NXR-130/C
	Century Systems Co., Ltd.	FutureNet NXR-1300 series
	Century Systems Co., Ltd.	FutureNet NXR-155/C series
	Century Systems Co., Ltd.	FutureNet NXR-160/LW
	Century Systems Co., Ltd.	FutureNet NXR-230/C
	Century Systems Co., Ltd.	FutureNet NXR-350/C
	Century Systems Co., Ltd.	FutureNet NXR-530
	Century Systems Co., Ltd.	FutureNet NXR-610X series
	Century Systems Co., Ltd.	FutureNet NXR-650
	Century Systems Co., Ltd.	FutureNet NXR-G050 series
	Century Systems Co., Ltd.	FutureNet NXR-G060 series
	Century Systems Co., Ltd.	FutureNet NXR-G100 series
	Century Systems Co., Ltd.	FutureNet NXR-G110 series
	Century Systems Co., Ltd.	FutureNet NXR-G120 series
	Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
	Century Systems Co., Ltd.	FutureNet NXR-G200 series
	Century Systems Co., Ltd.	FutureNet VXR/x64
	Century Systems Co., Ltd.	FutureNet VXR/x86
	Century Systems Co., Ltd.	FutureNet WXR-250

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "dc:date": "2024-07-29T17:51+09:00",
  "dcterms:issued": "2024-07-29T17:51+09:00",
  "dcterms:modified": "2024-07-29T17:51+09:00",
  "description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n  * Initialization of a Resource with an Insecure Default (CWE-1188)\r\nCVE-2024-31070\r\n  * Active Debug Code (CWE-489)\r\nCVE-2024-36475\r\n  * OS Command Injection (CWE-78)\r\nCVE-2024-36491\r\n  * Buffer Overflow (CWE-120)\r\nCVE-2020-10188\r\nThe product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
      "@product": "FutureNet NXR-120/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1200",
      "@product": "FutureNet NXR-1200",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
      "@product": "FutureNet NXR-125/CX",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
      "@product": "FutureNet NXR-130/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1300",
      "@product": "FutureNet NXR-1300 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
      "@product": "FutureNet NXR-155/C series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
      "@product": "FutureNet NXR-160/LW",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
      "@product": "FutureNet NXR-230/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
      "@product": "FutureNet NXR-350/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-530",
      "@product": "FutureNet NXR-530",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-610x",
      "@product": "FutureNet NXR-610X series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-650",
      "@product": "FutureNet NXR-650",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g050",
      "@product": "FutureNet NXR-G050 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g060",
      "@product": "FutureNet NXR-G060 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g100",
      "@product": "FutureNet NXR-G100 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g110",
      "@product": "FutureNet NXR-G110 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g120",
      "@product": "FutureNet NXR-G120 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
      "@product": "FutureNet NXR-G180/L-CA",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g200",
      "@product": "FutureNet NXR-G200 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x64",
      "@product": "FutureNet VXR/x64",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x86",
      "@product": "FutureNet VXR/x86",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_wxr-250",
      "@product": "FutureNet WXR-250",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-004595",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
      "@id": "JVNVU#96424864",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
      "@id": "CVE-2024-31070",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
      "@id": "CVE-2024-36475",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
      "@id": "CVE-2024-36491",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1188.html",
      "@id": "CWE-1188",
      "@title": "Insecure Default Initialization of Resource(CWE-1188)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series"
}

ghsa-hx98-fgmp-472p

Vulnerability from github

Published

2024-07-17 09:30

Modified

2024-08-01 15:32

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-489",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-17T09:15:03Z",
    "severity": "HIGH"
  },
  "details": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.",
  "id": "GHSA-hx98-fgmp-472p",
  "modified": "2024-08-01T15:32:05Z",
  "published": "2024-07-17T09:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36475"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU96424864"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

cve-2024-36475

Vulnerability from cvelistv5

cve-2024-36475

Vulnerability from jvndb

ghsa-hx98-fgmp-472p

Vulnerability from github

Tags