CVE-2024-36475

Description

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Century Systems Co., Ltd. / FutureNet NXR-1200firmware version 5.25.21 and earlier – firmware version 5.25.21 and earlier
Century Systems Co., Ltd. / FutureNet NXR-120/Cfirmware version 5.25.7H and earlier – firmware version 5.25.7H and earlier
Century Systems Co., Ltd. / FutureNet NXR-125/CXfirmware version 5.25.7H and earlier – firmware version 5.25.7H and earlier
Century Systems Co., Ltd. / FutureNet NXR-1300 seriesfirmware version 7.4.9 and earlier – firmware version 7.4.9 and earlier
Century Systems Co., Ltd. / FutureNet NXR-130/Cfirmware version 5.13.21 and earlier – firmware version 5.13.21 and earlier
Century Systems Co., Ltd. / FutureNet NXR-155/C seriesfirmware version 5.22.5M and earlier – firmware version 5.22.5M and earlier
Century Systems Co., Ltd. / FutureNet NXR-160/LWfirmware version 21.8.3 and earlier – firmware version 21.8.3 and earlier
Century Systems Co., Ltd. / FutureNet NXR-230/Cfirmware version 5.30.12 and earlier – firmware version 5.30.12 and earlier
Century Systems Co., Ltd. / FutureNet NXR-350/Cfirmware version 5.30.9 and earlier – firmware version 5.30.9 and earlier
Century Systems Co., Ltd. / FutureNet NXR-530firmware version 21.11.13 and earlier – firmware version 21.11.13 and earlier
Century Systems Co., Ltd. / FutureNet NXR-610X seriesfirmware version 21.14.11 and earlier – firmware version 21.14.11 and earlier
Century Systems Co., Ltd. / FutureNet NXR-650firmware version 21.16.1 and earlier – firmware version 21.16.1 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G050 seriesfirmware version 21.12.9 and earlier – firmware version 21.12.9 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G060 seriesfirmware version 21.15.5 and earlier – firmware version 21.15.5 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G100 seriesfirmware version 6.23.10 and earlier – firmware version 6.23.10 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G110 seriesfirmware version 21.7.30C and earlier – firmware version 21.7.30C and earlier
Century Systems Co., Ltd. / FutureNet NXR-G120 seriesfirmware version 21.15.2 and earlier – firmware version 21.15.2 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G180/L-CAfirmware version 21.7.28B and earlier – firmware version 21.7.28B and earlier
Century Systems Co., Ltd. / FutureNet NXR-G200 seriesfirmware version 9.12.15 and earlier – firmware version 9.12.15 and earlier
Century Systems Co., Ltd. / FutureNet VXR-x64firmware version 21.7.31 and earlier – firmware version 21.7.31 and earlier
Century Systems Co., Ltd. / FutureNet VXR-x86firmware version 10.1.4 and earlier – firmware version 10.1.4 and earlier
Century Systems Co., Ltd. / FutureNet WXR-250firmware version 1.4.7 and earlier – firmware version 1.4.7 and earlier

CVE-2024-36475

Description

CVSS breakdown

Affected products

References