CVE-2024-36475

EUVD-2024-36112
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
centurysysfuturenet_nxr-1300_firmware
𝑥
< 7.4.10
centurysysfuturenet_nxr-155\/c_firmware
*
centurysysfuturenet_nxr-610x_firmware
𝑥
< 21.14.11c
centurysysfuturenet_nxr-g050_firmware
𝑥
< 21.12.10
centurysysfuturenet_nxr-g060_firmware
𝑥
< 21.15.6
centurysysfuturenet_nxr-g100_firmware
𝑥
< 6.23.11
centurysysfuturenet_nxr-g110_firmware
𝑥
< 21.7.32
centurysysfuturenet_nxr-g120_firmware
𝑥
< 21.15.2c
centurysysfuturenet_nxr-g200_firmware
𝑥
< 9.12.16
centurysysfuturenet_vxr-x64
𝑥
< 21.7.32
centurysysfuturenet_vxr-x86
𝑥
< 10.1.5
centurysysfuturenet_nxr-160\/lw_firmware
𝑥
< 21.8.4
centurysysfuturenet_nxr-230\/c_firmware
𝑥
< 5.30.13
centurysysfuturenet_nxr-350\/c_firmware
𝑥
< 5.30.9c
centurysysfuturenet_nxr-530_firmware
𝑥
< 21.11.14
centurysysfuturenet_nxr-650_firmware
𝑥
< 21.16.2
centurysysfuturenet_nxr-g180\/l-ca_firmware
𝑥
< 21.7.28c
centurysysfuturenet_nxr-130\/c_firmware
*
centurysysfuturenet_nxr-125\/cx_firmware
*
centurysysfuturenet_nxr-120\/c_firmware
*
centurysysfuturenet_wxr-250_firmware
*
centurysysfuturenet_nxr-1200_firmware
*
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
centurysysfuturenet_nxr-1300_firmware
𝑥
≤ 7.4.9
ADP
centurysysfuturenet_nxr-650_firmware
𝑥
≤ 21.16.1
ADP
centurysysfuturenet_nxr-610x_firmware
𝑥
≤ 21.14.11
ADP
centurysysfuturenet_nxr-530_firmware
𝑥
≤ 21.11.13
ADP
centurysysfuturenet_nxr-350\/c_firmware
𝑥
≤ 5.30.9
ADP
centurysysfuturenet_nxr-230\/c_firmware
𝑥
≤ 5.30.12
ADP
centurysysfuturenet_nxr-160\/lw_firmware
𝑥
≤ 21.8.3
ADP
centurysysfuturenet_nxr-g200_firmware
𝑥
≤ 9.12.15
ADP
centurysysfuturenet_nxr-g180\/l-ca_firmware
𝑥
≤ 21.7.28B
ADP
centurysysfuturenet_nxr-g120_firmware
𝑥
≤ 21.15.2
ADP
centurysysfuturenet_nxr-g110_firmware
𝑥
≤ 21.7.30C
ADP
centurysysfuturenet_nxr-g100_firmware
𝑥
≤ 6.23.10
ADP
centurysysfuturenet_nxr-g060_firmware
𝑥
≤ 21.15.5
ADP
centurysysfuturenet_nxr-g050_firmware
𝑥
≤ 21.12.9
ADP
centurysysfuturenet_vxr\/x64_firmware
𝑥
≤ 21.7.31
ADP
centurysysfuturenet_vxr\/x86_firmware
𝑥
≤ 10.1.4
ADP
centurysysfuturenet_nxr-1200_firmware
𝑥
≤ 5.25.21
ADP
centurysysfuturenet_nxr-130\/c_firmware
𝑥
≤ 5.13.21
ADP
centurysysfuturenet_nxr-155\/c_firmware
𝑥
≤ 5.22.5M
ADP
centurysysfuturenet_nxr-125\/cx_firmware
𝑥
≤ 5.25.7H
ADP
centurysysfuturenet_nxr-120\/c_firmware
𝑥
≤ 5.25.7H
ADP
centurysysfuturenet_wxr-250_firmware
𝑥
≤ 1.4.7
ADP
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU96424864/
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
https://jvn.jp/en/vu/JVNVU96424864/
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html