jvndb-2024-004595
Vulnerability from jvndb
Published
2024-07-29 17:51
Modified
2024-07-29 17:51
Severity ?
Summary
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
Details
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) CVE-2024-31070 * Active Debug Code (CWE-489) CVE-2024-36475 * OS Command Injection (CWE-78) CVE-2024-36491 * Buffer Overflow (CWE-120) CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "dc:date": "2024-07-29T17:51+09:00",
  "dcterms:issued": "2024-07-29T17:51+09:00",
  "dcterms:modified": "2024-07-29T17:51+09:00",
  "description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n  * Initialization of a Resource with an Insecure Default (CWE-1188)\r\nCVE-2024-31070\r\n  * Active Debug Code (CWE-489)\r\nCVE-2024-36475\r\n  * OS Command Injection (CWE-78)\r\nCVE-2024-36491\r\n  * Buffer Overflow (CWE-120)\r\nCVE-2020-10188\r\nThe product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
      "@product": "FutureNet NXR-120/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1200",
      "@product": "FutureNet NXR-1200",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
      "@product": "FutureNet NXR-125/CX",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
      "@product": "FutureNet NXR-130/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1300",
      "@product": "FutureNet NXR-1300 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
      "@product": "FutureNet NXR-155/C series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
      "@product": "FutureNet NXR-160/LW",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
      "@product": "FutureNet NXR-230/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
      "@product": "FutureNet NXR-350/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-530",
      "@product": "FutureNet NXR-530",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-610x",
      "@product": "FutureNet NXR-610X series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-650",
      "@product": "FutureNet NXR-650",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g050",
      "@product": "FutureNet NXR-G050 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g060",
      "@product": "FutureNet NXR-G060 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g100",
      "@product": "FutureNet NXR-G100 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g110",
      "@product": "FutureNet NXR-G110 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g120",
      "@product": "FutureNet NXR-G120 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
      "@product": "FutureNet NXR-G180/L-CA",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g200",
      "@product": "FutureNet NXR-G200 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x64",
      "@product": "FutureNet VXR/x64",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x86",
      "@product": "FutureNet VXR/x86",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_wxr-250",
      "@product": "FutureNet WXR-250",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-004595",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
      "@id": "JVNVU#96424864",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
      "@id": "CVE-2024-31070",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
      "@id": "CVE-2024-36475",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
      "@id": "CVE-2024-36491",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1188.html",
      "@id": "CWE-1188",
      "@title": "Insecure Default Initialization of Resource(CWE-1188)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.