Refine your search
2 vulnerabilities found for by Century Systems Co., Ltd.
CVE-2025-54763 (GCVE-0-2025-54763)
Vulnerability from cvelistv5
Published
2025-10-31 05:55
Modified
2025-10-31 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series |
Version: from 6.0.0 to 6.4.1 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:09:21.191509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:15:10.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet MA-X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 6.0.0 to 6.4.1"
}
]
},
{
"product": "FutureNet MA-E300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.2.1"
}
]
},
{
"product": "FutureNet MA-S series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet MA-P series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet IP-K series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 2.0.0 to 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T05:55:24.573Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54763",
"datePublished": "2025-10-31T05:55:24.573Z",
"dateReserved": "2025-10-17T08:08:15.679Z",
"dateUpdated": "2025-10-31T17:15:10.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58152 (GCVE-0-2025-58152)
Vulnerability from cvelistv5
Published
2025-10-31 05:55
Modified
2025-10-31 17:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-552 - Files or directories accessible to external parties
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series |
Version: from 6.0.0 to 6.4.1 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:07:21.751490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:07:56.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet MA-X series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 6.0.0 to 6.4.1"
}
]
},
{
"product": "FutureNet MA-E300 series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.2.1"
}
]
},
{
"product": "FutureNet MA-S series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet MA-P series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 5.0.0 to 6.4.0"
}
]
},
{
"product": "FutureNet IP-K series",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "from 2.0.0 to 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or directories accessible to external parties",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T05:55:02.996Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58152",
"datePublished": "2025-10-31T05:55:02.996Z",
"dateReserved": "2025-10-17T08:08:12.702Z",
"dateUpdated": "2025-10-31T17:07:56.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}