CVE-2024-31070

EUVD-2024-34444
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
centurysysfuturenet_nxr-1300_firmware
𝑥
< 7.4.10
centurysysfuturenet_nxr-155\/c_firmware
*
centurysysfuturenet_nxr-610x_firmware
𝑥
< 21.14.11c
centurysysfuturenet_nxr-g050_firmware
𝑥
< 21.12.10
centurysysfuturenet_nxr-g060_firmware
𝑥
< 21.15.6
centurysysfuturenet_nxr-g100_firmware
𝑥
< 6.23.11
centurysysfuturenet_nxr-g110_firmware
𝑥
< 21.7.32
centurysysfuturenet_nxr-g120_firmware
𝑥
< 21.15.2c
centurysysfuturenet_nxr-g200_firmware
𝑥
< 9.12.16
centurysysfuturenet_vxr-x64
𝑥
< 21.7.32
centurysysfuturenet_vxr-x86
𝑥
< 10.1.5
centurysysfuturenet_nxr-160\/lw_firmware
𝑥
< 21.8.4
centurysysfuturenet_nxr-230\/c_firmware
𝑥
< 5.30.13
centurysysfuturenet_nxr-350\/c_firmware
𝑥
< 5.30.9c
centurysysfuturenet_nxr-530_firmware
𝑥
< 21.11.14
centurysysfuturenet_nxr-650_firmware
𝑥
< 21.16.2
centurysysfuturenet_nxr-g180\/l-ca_firmware
𝑥
< 21.7.28c
centurysysfuturenet_nxr-130\/c_firmware
*
centurysysfuturenet_nxr-125\/cx_firmware
*
centurysysfuturenet_nxr-120\/c_firmware
*
centurysysfuturenet_wxr-250_firmware
*
centurysysfuturenet_nxr-1200_firmware
*
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
centurysysfuturenet_nxr-1300_firmware
𝑥
≤ 7.4.9
ADP
centurysysfuturenet_nxr-650_firmware
𝑥
≤ 21.16.1
ADP
centurysysfuturenet_nxr-610x_firmware
𝑥
≤ 21.14.11
ADP
centurysysfuturenet_nxr-530_firmware
𝑥
≤ 21.11.13
ADP
centurysysfuturenet_nxr-350\/c_firmware
𝑥
≤ 5.30.9
ADP
centurysysfuturenet_nxr-230\/c_firmware
𝑥
≤ 5.30.12
ADP
centurysysfuturenet_nxr-160\/lw_firmware
𝑥
≤ 21.8.3
ADP
centurysysfuturenet_nxr-g200_firmware
𝑥
≤ 9.12.15
ADP
centurysysfuturenet_nxr-g180\/l-ca_firmware
𝑥
≤ 21.7.28B
ADP
centurysysfuturenet_nxr-g120_firmware
𝑥
≤ 21.15.2
ADP
centurysysfuturenet_nxr-g110_firmware
𝑥
≤ 21.7.30C
ADP
centurysysfuturenet_nxr-g100_firmware
𝑥
≤ 6.23.10
ADP
centurysysfuturenet_nxr-g060_firmware
𝑥
≤ 21.15.5
ADP
centurysysfuturenet_nxr-g050_firmware
𝑥
≤ 21.12.9
ADP
centurysysfuturenet_vxr\/x64_firmware
𝑥
≤ 21.7.31
ADP
centurysysfuturenet_vxr\/x86_firmware
𝑥
≤ 10.1.4
ADP
centurysysfuturenet_nxr-1200_firmware
𝑥
≤ 5.25.21
ADP
centurysysfuturenet_nxr-130\/c_firmware
𝑥
≤ 5.13.21
ADP
centurysysfuturenet_nxr-155\/c_firmware
𝑥
≤ 5.22.5M
ADP
centurysysfuturenet_nxr-125\/cx_firmware
𝑥
≤ 5.25.7H
ADP
centurysysfuturenet_nxr-120\/c_firmware
𝑥
≤ 5.25.7H
ADP
centurysysfuturenet_wxr-250_firmware
𝑥
≤ 1.4.7
ADP
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU96424864/
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
https://jvn.jp/en/vu/JVNVU96424864/
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html