CVE-2025-30485

Description

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

CVSS breakdown

CVSS 3.0

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Century Systems Co., Ltd. / FutureNet NXR-1200N/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-120/CN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-125/CXN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-1300 seriesfirmware version 7.4.12 and earlier – firmware version 7.4.12 and earlier
Century Systems Co., Ltd. / FutureNet NXR-130/CN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-1420firmware version 31.0.1 and earlier – firmware version 31.0.1 and earlier
Century Systems Co., Ltd. / FutureNet NXR-155/C-LN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-155/C-WMN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-155/C-XWN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-160/LWfirmware version 21.8.4 and earlier – firmware version 21.8.4 and earlier
Century Systems Co., Ltd. / FutureNet NXR-230/Cfirmware version 5.30.13 and earlier – firmware version 5.30.13 and earlier
Century Systems Co., Ltd. / FutureNet NXR-350/Cfirmware version 5.30.9C and earlier – firmware version 5.30.9C and earlier
Century Systems Co., Ltd. / FutureNet NXR-530firmware version 21.11.15 and earlier – firmware version 21.11.15 and earlier
Century Systems Co., Ltd. / FutureNet NXR-610X seriesfirmware version 21.14.11D and earlier – firmware version 21.14.11D and earlier
Century Systems Co., Ltd. / FutureNet NXR-650firmware version 21.16.5 and earlier – firmware version 21.16.5 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G050 seriesfirmware version 21.12.11 and earlier – firmware version 21.12.11 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G060 seriesfirmware version 21.15.6C2 and earlier – firmware version 21.15.6C2 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G100/FN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-G100/NN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-G100/SN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-G100 seriesfirmware version 6.23.11 and earlier – firmware version 6.23.11 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G100/SLN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-G100/SLWN/A – N/A
Century Systems Co., Ltd. / FutureNet NXR-G110 seriesfirmware version 21.15.10 and earlier – firmware version 21.15.10 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G120 seriesfirmware version 21.15.2C1 and earlier – firmware version 21.15.2C1 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G180/L-CAfirmware version 21.7.33 and earlier – firmware version 21.7.33 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G240 seriesfirmware version 9.12.17 and earlier – firmware version 9.12.17 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G260 seriesfirmware version 9.12.17 and earlier – firmware version 9.12.17 and earlier
Century Systems Co., Ltd. / FutureNet NXR-G540 seriesfirmware version 21.17.0 – firmware version 21.17.0
Century Systems Co., Ltd. / FutureNet VXR-x64firmware version 21.7.33 and earlier – firmware version 21.7.33 and earlier
Century Systems Co., Ltd. / FutureNet VXR-x86firmware version 10.1.5 and earlier – firmware version 10.1.5 and earlier
Century Systems Co., Ltd. / FutureNet WXR-250N/A – N/A

CVE-2025-30485

Description

CVSS breakdown

Affected products

References