jvndb-2024-004595
Vulnerability from jvndb
Published
2024-07-29 17:51
Modified
2024-07-29 17:51
Severity
9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
Details
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) CVE-2024-31070 * Active Debug Code (CWE-489) CVE-2024-36475 * OS Command Injection (CWE-78) CVE-2024-36491 * Buffer Overflow (CWE-120) CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
References
TypeURL
JVN https://jvn.jp/en/vu/JVNVU96424864/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2024-31070
CVE https://www.cve.org/CVERecord?id=CVE-2024-36475
CVE https://www.cve.org/CVERecord?id=CVE-2024-36491
CVE https://www.cve.org/CVERecord?id=CVE-2020-10188
Insecure Default Initialization of Resource(CWE-1188) https://cwe.mitre.org/data/definitions/1188.html
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) https://cwe.mitre.org/data/definitions/120.html
Active Debug Code(CWE-489) https://cwe.mitre.org/data/definitions/489.html
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
VendorProduct
Century Systems Co., Ltd.FutureNet NXR-120/C
Century Systems Co., Ltd.FutureNet NXR-1200
Century Systems Co., Ltd.FutureNet NXR-125/CX
Century Systems Co., Ltd.FutureNet NXR-130/C
Century Systems Co., Ltd.FutureNet NXR-1300 series
Century Systems Co., Ltd.FutureNet NXR-155/C series
Century Systems Co., Ltd.FutureNet NXR-160/LW
Century Systems Co., Ltd.FutureNet NXR-230/C
Century Systems Co., Ltd.FutureNet NXR-350/C
Century Systems Co., Ltd.FutureNet NXR-530
Century Systems Co., Ltd.FutureNet NXR-610X series
Century Systems Co., Ltd.FutureNet NXR-650
Century Systems Co., Ltd.FutureNet NXR-G050 series
Century Systems Co., Ltd.FutureNet NXR-G060 series
Century Systems Co., Ltd.FutureNet NXR-G100 series
Century Systems Co., Ltd.FutureNet NXR-G110 series
Century Systems Co., Ltd.FutureNet NXR-G120 series
Century Systems Co., Ltd.FutureNet NXR-G180/L-CA
Century Systems Co., Ltd.FutureNet NXR-G200 series
Century Systems Co., Ltd.FutureNet VXR/x64
Century Systems Co., Ltd.FutureNet VXR/x86
Century Systems Co., Ltd.FutureNet WXR-250
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "dc:date": "2024-07-29T17:51+09:00",
  "dcterms:issued": "2024-07-29T17:51+09:00",
  "dcterms:modified": "2024-07-29T17:51+09:00",
  "description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n  * Initialization of a Resource with an Insecure Default (CWE-1188)\r\nCVE-2024-31070\r\n  * Active Debug Code (CWE-489)\r\nCVE-2024-36475\r\n  * OS Command Injection (CWE-78)\r\nCVE-2024-36491\r\n  * Buffer Overflow (CWE-120)\r\nCVE-2020-10188\r\nThe product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
      "@product": "FutureNet NXR-120/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1200",
      "@product": "FutureNet NXR-1200",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
      "@product": "FutureNet NXR-125/CX",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
      "@product": "FutureNet NXR-130/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1300",
      "@product": "FutureNet NXR-1300 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
      "@product": "FutureNet NXR-155/C series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
      "@product": "FutureNet NXR-160/LW",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
      "@product": "FutureNet NXR-230/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
      "@product": "FutureNet NXR-350/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-530",
      "@product": "FutureNet NXR-530",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-610x",
      "@product": "FutureNet NXR-610X series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-650",
      "@product": "FutureNet NXR-650",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g050",
      "@product": "FutureNet NXR-G050 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g060",
      "@product": "FutureNet NXR-G060 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g100",
      "@product": "FutureNet NXR-G100 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g110",
      "@product": "FutureNet NXR-G110 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g120",
      "@product": "FutureNet NXR-G120 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
      "@product": "FutureNet NXR-G180/L-CA",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g200",
      "@product": "FutureNet NXR-G200 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x64",
      "@product": "FutureNet VXR/x64",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x86",
      "@product": "FutureNet VXR/x86",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_wxr-250",
      "@product": "FutureNet WXR-250",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-004595",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
      "@id": "JVNVU#96424864",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
      "@id": "CVE-2024-31070",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
      "@id": "CVE-2024-36475",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
      "@id": "CVE-2024-36491",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1188.html",
      "@id": "CWE-1188",
      "@title": "Insecure Default Initialization of Resource(CWE-1188)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.