Action not permitted
Modal body text goes here.
jvndb-2024-004595
Vulnerability from jvndb
Published
2024-07-29 17:51
Modified
2024-07-29 17:51
Severity ?
Summary
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
Details
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.
* Initialization of a Resource with an Insecure Default (CWE-1188)
CVE-2024-31070
* Active Debug Code (CWE-489)
CVE-2024-36475
* OS Command Injection (CWE-78)
CVE-2024-36491
* Buffer Overflow (CWE-120)
CVE-2020-10188
The product uses previous versions of netkit-telnet which contains a known vulnerability.
CVE-2024-31070, CVE-2024-36475
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2024-36491, CVE-2020-10188
Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/vu/JVNVU96424864/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-31070 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-36475 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-36491 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2020-10188 | |
Insecure Default Initialization of Resource(CWE-1188) | https://cwe.mitre.org/data/definitions/1188.html | |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) | https://cwe.mitre.org/data/definitions/120.html | |
Active Debug Code(CWE-489) | https://cwe.mitre.org/data/definitions/489.html | |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html", "dc:date": "2024-07-29T17:51+09:00", "dcterms:issued": "2024-07-29T17:51+09:00", "dcterms:modified": "2024-07-29T17:51+09:00", "description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n * Initialization of a Resource with an Insecure Default (CWE-1188)\r\nCVE-2024-31070\r\n * Active Debug Code (CWE-489)\r\nCVE-2024-36475\r\n * OS Command Injection (CWE-78)\r\nCVE-2024-36491\r\n * Buffer Overflow (CWE-120)\r\nCVE-2020-10188\r\nThe product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html", "sec:cpe": [ { "#text": "cpe:/o:centurysys:futurenet_nxr-120/c", "@product": "FutureNet NXR-120/C", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-1200", "@product": "FutureNet NXR-1200", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx", "@product": "FutureNet NXR-125/CX", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-130/c", "@product": "FutureNet NXR-130/C", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-1300", "@product": "FutureNet NXR-1300 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-155/c", "@product": "FutureNet NXR-155/C series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw", "@product": "FutureNet NXR-160/LW", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-230/c", "@product": "FutureNet NXR-230/C", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-350/c", "@product": "FutureNet NXR-350/C", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-530", "@product": "FutureNet NXR-530", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-610x", "@product": "FutureNet NXR-610X series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-650", "@product": "FutureNet NXR-650", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g050", "@product": "FutureNet NXR-G050 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g060", "@product": "FutureNet NXR-G060 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g100", "@product": "FutureNet NXR-G100 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g110", "@product": "FutureNet NXR-G110 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g120", "@product": "FutureNet NXR-G120 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca", "@product": "FutureNet NXR-G180/L-CA", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_nxr-g200", "@product": "FutureNet NXR-G200 series", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_vxr/x64", "@product": "FutureNet VXR/x64", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_vxr/x86", "@product": "FutureNet VXR/x86", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:centurysys:futurenet_wxr-250", "@product": "FutureNet WXR-250", "@vendor": "Century Systems Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-004595", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html", "@id": "JVNVU#96424864", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070", "@id": "CVE-2024-31070", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475", "@id": "CVE-2024-36475", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491", "@id": "CVE-2024-36491", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188", "@id": "CVE-2020-10188", "@source": "CVE" }, { "#text": "https://cwe.mitre.org/data/definitions/1188.html", "@id": "CWE-1188", "@title": "Insecure Default Initialization of Resource(CWE-1188)" }, { "#text": "https://cwe.mitre.org/data/definitions/120.html", "@id": "CWE-120", "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)" }, { "#text": "https://cwe.mitre.org/data/definitions/489.html", "@id": "CWE-489", "@title": "Active Debug Code(CWE-489)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series" }
cve-2024-36491
Vulnerability from cvelistv5
Published
2024-07-17 08:50
Modified
2024-08-02 03:37
Severity ?
EPSS score ?
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-1300_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "7.4.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-650_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.16.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-610x_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.14.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-530_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.11.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-350\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.30.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-230\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.30.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-160\\/lw_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.8.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g200_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "9.12.15", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g180\\/l-ca_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.28B", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g120_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.15.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g110_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.30C", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g100_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "6.23.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g060_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.15.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g050_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.12.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_vxr\\/x64_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.31", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_vxr\\/x86_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "10.1.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-1200_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-130\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.13.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-155\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.22.5M", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-125\\/cx_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.7H", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-120\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.7H", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_wxr-250_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "1.4.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36491", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-25T19:34:01.135233Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-25T19:41:52.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU96424864/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FutureNet NXR-1300 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 7.4.9 and earlier" } ] }, { "product": "FutureNet NXR-650", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.16.1 and earlier" } ] }, { "product": "FutureNet NXR-610X series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.14.11 and earlier" } ] }, { "product": "FutureNet NXR-530", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.11.13 and earlier" } ] }, { "product": "FutureNet NXR-350/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.30.9 and earlier" } ] }, { "product": "FutureNet NXR-230/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.30.12 and earlier" } ] }, { "product": "FutureNet NXR-160/LW", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.8.3 and earlier" } ] }, { "product": "FutureNet NXR-G200 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 9.12.15 and earlier" } ] }, { "product": "FutureNet NXR-G180/L-CA", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.28B and earlier" } ] }, { "product": "FutureNet NXR-G120 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.15.2 and earlier" } ] }, { "product": "FutureNet NXR-G110 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.30C and earlier" } ] }, { "product": "FutureNet NXR-G100 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 6.23.10 and earlier" } ] }, { "product": "FutureNet NXR-G060 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.15.5 and earlier" } ] }, { "product": "FutureNet NXR-G050 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.12.9 and earlier" } ] }, { "product": "FutureNet VXR/x64", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.31 and earlier" } ] }, { "product": "FutureNet VXR/x86", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 10.1.4 and earlier" } ] }, { "product": "FutureNet NXR-1200", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.21 and earlier" } ] }, { "product": "FutureNet NXR-130/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.13.21 and earlier" } ] }, { "product": "FutureNet NXR-155/C series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.22.5M and earlier" } ] }, { "product": "FutureNet NXR-125/CX", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.7H and earlier" } ] }, { "product": "FutureNet NXR-120/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.7H and earlier" } ] }, { "product": "FutureNet WXR-250", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 1.4.7 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition." } ], "problemTypes": [ { "descriptions": [ { "description": "OS command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T08:50:11.777Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html" }, { "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html" }, { "url": "https://jvn.jp/en/vu/JVNVU96424864/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36491", "datePublished": "2024-07-17T08:50:11.777Z", "dateReserved": "2024-06-06T06:08:01.273Z", "dateUpdated": "2024-08-02T03:37:05.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36475
Vulnerability from cvelistv5
Published
2024-07-17 08:48
Modified
2024-08-02 03:37
Severity ?
EPSS score ?
Summary
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-1300_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "7.4.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-650_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.16.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-610x_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.14.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-530_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.11.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-350\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.30.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-230\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.30.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-160\\/lw_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.8.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g200_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "9.12.15", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g180\\/l-ca_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.28B", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g120_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.15.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g110_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.30C", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g100_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "6.23.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g060_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.15.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g050_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.12.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_vxr\\/x64_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.31", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_vxr\\/x86_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "10.1.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-1200_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-130\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.13.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-155\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.22.5M", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-125\\/cx_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.7H", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-120\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.7H", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_wxr-250_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "1.4.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36475", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-25T19:32:43.680364Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489 Active Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-25T19:40:17.396Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU96424864/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FutureNet NXR-1300 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 7.4.9 and earlier" } ] }, { "product": "FutureNet NXR-650", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.16.1 and earlier" } ] }, { "product": "FutureNet NXR-610X series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.14.11 and earlier" } ] }, { "product": "FutureNet NXR-530", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.11.13 and earlier" } ] }, { "product": "FutureNet NXR-350/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.30.9 and earlier" } ] }, { "product": "FutureNet NXR-230/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.30.12 and earlier" } ] }, { "product": "FutureNet NXR-160/LW", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.8.3 and earlier" } ] }, { "product": "FutureNet NXR-G200 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 9.12.15 and earlier" } ] }, { "product": "FutureNet NXR-G180/L-CA", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.28B and earlier" } ] }, { "product": "FutureNet NXR-G120 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.15.2 and earlier" } ] }, { "product": "FutureNet NXR-G110 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.30C and earlier" } ] }, { "product": "FutureNet NXR-G100 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 6.23.10 and earlier" } ] }, { "product": "FutureNet NXR-G060 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.15.5 and earlier" } ] }, { "product": "FutureNet NXR-G050 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.12.9 and earlier" } ] }, { "product": "FutureNet VXR/x64", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.31 and earlier" } ] }, { "product": "FutureNet VXR/x86", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 10.1.4 and earlier" } ] }, { "product": "FutureNet NXR-1200", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.21 and earlier" } ] }, { "product": "FutureNet NXR-130/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.13.21 and earlier" } ] }, { "product": "FutureNet NXR-155/C series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.22.5M and earlier" } ] }, { "product": "FutureNet NXR-125/CX", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.7H and earlier" } ] }, { "product": "FutureNet NXR-120/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.7H and earlier" } ] }, { "product": "FutureNet WXR-250", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 1.4.7 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed." } ], "problemTypes": [ { "descriptions": [ { "description": "Active debug code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T08:48:33.524Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html" }, { "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html" }, { "url": "https://jvn.jp/en/vu/JVNVU96424864/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36475", "datePublished": "2024-07-17T08:48:33.524Z", "dateReserved": "2024-06-06T06:08:00.324Z", "dateUpdated": "2024-08-02T03:37:05.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10188
Vulnerability from cvelistv5
Published
2020-03-06 14:07
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:58:39.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2020-11ea78ff8e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLU6FL24BSQQEB2SJC26NLJ2MANQDA7M/" }, { "name": "FEDORA-2020-e7b942a47a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7FMTRRQTYKWZD2GMXX3GLZV46OLPCLVK/" }, { "name": "FEDORA-2020-6b07ff2526", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3VJ6V2Z3JRNJOBVHSOPMAC76PSSKG6A/" }, { "name": "[debian-lts-announce] 20200514 [SECURITY] [DLA 2176-1] inetutils security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html" }, { "name": "20200624 Telnet Vulnerability Affecting Cisco Products: June 2020", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx" }, { "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2341-1] inetutils security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00038.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-08T11:09:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2020-11ea78ff8e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLU6FL24BSQQEB2SJC26NLJ2MANQDA7M/" }, { "name": "FEDORA-2020-e7b942a47a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7FMTRRQTYKWZD2GMXX3GLZV46OLPCLVK/" }, { "name": "FEDORA-2020-6b07ff2526", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3VJ6V2Z3JRNJOBVHSOPMAC76PSSKG6A/" }, { "name": "[debian-lts-announce] 20200514 [SECURITY] [DLA 2176-1] inetutils security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html" }, { "name": "20200624 Telnet Vulnerability Affecting Cisco Products: June 2020", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx" }, { "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2341-1] inetutils security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00038.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2020-11ea78ff8e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLU6FL24BSQQEB2SJC26NLJ2MANQDA7M/" }, { "name": "FEDORA-2020-e7b942a47a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7FMTRRQTYKWZD2GMXX3GLZV46OLPCLVK/" }, { "name": "FEDORA-2020-6b07ff2526", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3VJ6V2Z3JRNJOBVHSOPMAC76PSSKG6A/" }, { "name": "[debian-lts-announce] 20200514 [SECURITY] [DLA 2176-1] inetutils security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html" }, { "name": "20200624 Telnet Vulnerability Affecting Cisco Products: June 2020", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx" }, { "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2341-1] inetutils security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00038.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html", "refsource": "MISC", "url": "https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html" }, { "name": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216", "refsource": "MISC", "url": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216" }, { "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10188", "datePublished": "2020-03-06T14:07:21", "dateReserved": "2020-03-06T00:00:00", "dateUpdated": "2024-08-04T10:58:39.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31070
Vulnerability from cvelistv5
Published
2024-07-17 08:47
Modified
2024-08-02 01:46
Severity ?
EPSS score ?
Summary
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-1300_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "7.4.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-650_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.16.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-610x_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.14.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-530_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.11.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-350\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.30.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-230\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.30.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-160\\/lw_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.8.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g200_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "9.12.15", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g180\\/l-ca_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.28B", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g120_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.15.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g110_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.30C", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g100_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "6.23.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g060_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.15.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-g050_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.12.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_vxr\\/x64_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "21.7.31", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_vxr\\/x86_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "10.1.4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-1200_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-130\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.13.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-155\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.22.5M", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-125\\/cx_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.7H", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_nxr-120\\/c_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "5.25.7H", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "futurenet_wxr-250_firmware", "vendor": "centurysys", "versions": [ { "lessThanOrEqual": "1.4.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-31070", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T13:17:01.773769Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-18T14:09:58.806Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:46:04.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU96424864/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "FutureNet NXR-1300 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 7.4.9 and earlier" } ] }, { "product": "FutureNet NXR-650", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.16.1 and earlier" } ] }, { "product": "FutureNet NXR-610X series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.14.11 and earlier" } ] }, { "product": "FutureNet NXR-530", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.11.13 and earlier" } ] }, { "product": "FutureNet NXR-350/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.30.9 and earlier" } ] }, { "product": "FutureNet NXR-230/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.30.12 and earlier" } ] }, { "product": "FutureNet NXR-160/LW", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.8.3 and earlier" } ] }, { "product": "FutureNet NXR-G200 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 9.12.15 and earlier" } ] }, { "product": "FutureNet NXR-G180/L-CA", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.28B and earlier" } ] }, { "product": "FutureNet NXR-G120 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.15.2 and earlier" } ] }, { "product": "FutureNet NXR-G110 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.30C and earlier" } ] }, { "product": "FutureNet NXR-G100 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 6.23.10 and earlier" } ] }, { "product": "FutureNet NXR-G060 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.15.5 and earlier" } ] }, { "product": "FutureNet NXR-G050 series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.12.9 and earlier" } ] }, { "product": "FutureNet VXR/x64", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 21.7.31 and earlier" } ] }, { "product": "FutureNet VXR/x86", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 10.1.4 and earlier" } ] }, { "product": "FutureNet NXR-1200", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.21 and earlier" } ] }, { "product": "FutureNet NXR-130/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.13.21 and earlier" } ] }, { "product": "FutureNet NXR-155/C series", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.22.5M and earlier" } ] }, { "product": "FutureNet NXR-125/CX", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.7H and earlier" } ] }, { "product": "FutureNet NXR-120/C", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 5.25.7H and earlier" } ] }, { "product": "FutureNet WXR-250", "vendor": "Century Systems Co., Ltd.", "versions": [ { "status": "affected", "version": "firmware version 1.4.7 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly." } ], "problemTypes": [ { "descriptions": [ { "description": "Initialization of a Resource with an Insecure Default", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T08:47:22.506Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html" }, { "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html" }, { "url": "https://jvn.jp/en/vu/JVNVU96424864/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-31070", "datePublished": "2024-07-17T08:47:22.506Z", "dateReserved": "2024-06-06T06:07:59.482Z", "dateUpdated": "2024-08-02T01:46:04.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.