Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-hx98-fgmp-472p
Vulnerability from github
Published
2024-07-17 09:30
Modified
2024-08-01 15:32
Severity ?
Details
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
{
"affected": [],
"aliases": [
"CVE-2024-36475"
],
"database_specific": {
"cwe_ids": [
"CWE-489",
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-17T09:15:03Z",
"severity": "HIGH"
},
"details": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.",
"id": "GHSA-hx98-fgmp-472p",
"modified": "2024-08-01T15:32:05Z",
"published": "2024-07-17T09:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36475"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU96424864"
},
{
"type": "WEB",
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"type": "WEB",
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cve-2024-36475
Vulnerability from cvelistv5
Published
2024-07-17 08:48
Modified
2024-08-02 03:37
Severity ?
EPSS score ?
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Century Systems Co., Ltd. | FutureNet NXR-1300 series |
Version: firmware version 7.4.9 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1300_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-650_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.16.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-610x_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.14.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-530_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.11.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-350\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-230\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.30.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-160\\/lw_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "9.12.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g180\\/l-ca_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.28B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g120_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g110_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.30C",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g100_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "6.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g060_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-g050_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.12.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x64_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "21.7.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_vxr\\/x86_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-1200_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-130\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.13.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-155\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.22.5M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-125\\/cx_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_nxr-120\\/c_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "5.25.7H",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "futurenet_wxr-250_firmware",
"vendor": "centurysys",
"versions": [
{
"lessThanOrEqual": "1.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T19:32:43.680364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:40:17.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FutureNet NXR-1300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 7.4.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-650",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.16.1 and earlier"
}
]
},
{
"product": "FutureNet NXR-610X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.14.11 and earlier"
}
]
},
{
"product": "FutureNet NXR-530",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.11.13 and earlier"
}
]
},
{
"product": "FutureNet NXR-350/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.9 and earlier"
}
]
},
{
"product": "FutureNet NXR-230/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.30.12 and earlier"
}
]
},
{
"product": "FutureNet NXR-160/LW",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.8.3 and earlier"
}
]
},
{
"product": "FutureNet NXR-G200 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 9.12.15 and earlier"
}
]
},
{
"product": "FutureNet NXR-G180/L-CA",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.28B and earlier"
}
]
},
{
"product": "FutureNet NXR-G120 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.2 and earlier"
}
]
},
{
"product": "FutureNet NXR-G110 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.30C and earlier"
}
]
},
{
"product": "FutureNet NXR-G100 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 6.23.10 and earlier"
}
]
},
{
"product": "FutureNet NXR-G060 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.15.5 and earlier"
}
]
},
{
"product": "FutureNet NXR-G050 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.12.9 and earlier"
}
]
},
{
"product": "FutureNet VXR/x64",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 21.7.31 and earlier"
}
]
},
{
"product": "FutureNet VXR/x86",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 10.1.4 and earlier"
}
]
},
{
"product": "FutureNet NXR-1200",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-130/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.13.21 and earlier"
}
]
},
{
"product": "FutureNet NXR-155/C series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.22.5M and earlier"
}
]
},
{
"product": "FutureNet NXR-125/CX",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet NXR-120/C",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 5.25.7H and earlier"
}
]
},
{
"product": "FutureNet WXR-250",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.4.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Active debug code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T08:48:33.524Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
},
{
"url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96424864/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36475",
"datePublished": "2024-07-17T08:48:33.524Z",
"dateReserved": "2024-06-06T06:08:00.324Z",
"dateUpdated": "2024-08-02T03:37:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.