cvelistv5 - cve-2024-36475

cve-2024-36475

Vulnerability from cvelistv5

Published

2024-07-17 08:48

Modified

2024-08-02 03:37

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Century Systems Co., Ltd.

FutureNet NXR-1300 series

Version: firmware version 7.4.9 and earlier

Century Systems Co., Ltd.	FutureNet NXR-650	Version: firmware version 21.16.1 and earlier
Century Systems Co., Ltd.	FutureNet NXR-610X series	Version: firmware version 21.14.11 and earlier
Century Systems Co., Ltd.	FutureNet NXR-530	Version: firmware version 21.11.13 and earlier
Century Systems Co., Ltd.	FutureNet NXR-350/C	Version: firmware version 5.30.9 and earlier
Century Systems Co., Ltd.	FutureNet NXR-230/C	Version: firmware version 5.30.12 and earlier
Century Systems Co., Ltd.	FutureNet NXR-160/LW	Version: firmware version 21.8.3 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G200 series	Version: firmware version 9.12.15 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA	Version: firmware version 21.7.28B and earlier
Century Systems Co., Ltd.	FutureNet NXR-G120 series	Version: firmware version 21.15.2 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G110 series	Version: firmware version 21.7.30C and earlier
Century Systems Co., Ltd.	FutureNet NXR-G100 series	Version: firmware version 6.23.10 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G060 series	Version: firmware version 21.15.5 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G050 series	Version: firmware version 21.12.9 and earlier
Century Systems Co., Ltd.	FutureNet VXR/x64	Version: firmware version 21.7.31 and earlier
Century Systems Co., Ltd.	FutureNet VXR/x86	Version: firmware version 10.1.4 and earlier
Century Systems Co., Ltd.	FutureNet NXR-1200	Version: firmware version 5.25.21 and earlier
Century Systems Co., Ltd.	FutureNet NXR-130/C	Version: firmware version 5.13.21 and earlier
Century Systems Co., Ltd.	FutureNet NXR-155/C series	Version: firmware version 5.22.5M and earlier
Century Systems Co., Ltd.	FutureNet NXR-125/CX	Version: firmware version 5.25.7H and earlier
Century Systems Co., Ltd.	FutureNet NXR-120/C	Version: firmware version 5.25.7H and earlier
Century Systems Co., Ltd.	FutureNet WXR-250	Version: firmware version 1.4.7 and earlier

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-1300_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "7.4.9",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-650_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.16.1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-610x_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.14.11",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-530_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.11.13",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-350\\/c_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.30.9",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-230\\/c_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.30.12",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-160\\/lw_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.8.3",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g200_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "9.12.15",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g180\\/l-ca_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.7.28B",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g120_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.15.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g110_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.7.30C",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g100_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "6.23.10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g060_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.15.5",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-g050_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.12.9",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_vxr\\/x64_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "21.7.31",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_vxr\\/x86_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "10.1.4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-1200_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.25.21",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-130\\/c_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.13.21",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-155\\/c_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.22.5M",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-125\\/cx_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.25.7H",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_nxr-120\\/c_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "5.25.7H",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "futurenet_wxr-250_firmware",
                  vendor: "centurysys",
                  versions: [
                     {
                        lessThanOrEqual: "1.4.7",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.2,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "HIGH",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-36475",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-25T19:32:43.680364Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-489",
                        description: "CWE-489 Active Debug Code",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-25T19:40:17.396Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T03:37:05.246Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/vu/JVNVU96424864/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "FutureNet NXR-1300 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 7.4.9 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-650",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.16.1 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-610X series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.14.11 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-530",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.11.13 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-350/C",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.30.9 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-230/C",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.30.12 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-160/LW",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.8.3 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G200 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 9.12.15 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G180/L-CA",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.7.28B and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G120 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.15.2 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G110 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.7.30C and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G100 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 6.23.10 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G060 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.15.5 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-G050 series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.12.9 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet VXR/x64",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 21.7.31 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet VXR/x86",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 10.1.4 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-1200",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.25.21 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-130/C",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.13.21 and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-155/C series",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.22.5M and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-125/CX",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.25.7H and earlier",
                  },
               ],
            },
            {
               product: "FutureNet NXR-120/C",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 5.25.7H and earlier",
                  },
               ],
            },
            {
               product: "FutureNet WXR-250",
               vendor: "Century Systems Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "firmware version 1.4.7 and earlier",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Active debug code",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-17T08:48:33.524Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html",
            },
            {
               url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html",
            },
            {
               url: "https://jvn.jp/en/vu/JVNVU96424864/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-36475",
      datePublished: "2024-07-17T08:48:33.524Z",
      dateReserved: "2024-06-06T06:08:00.324Z",
      dateUpdated: "2024-08-02T03:37:05.246Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-36475\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-07-17T09:15:03.013\",\"lastModified\":\"2024-11-21T09:22:15.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"},{\"lang\":\"es\",\"value\":\"Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de código de depuración activa. Si un usuario que sabe cómo utilizar la función de depuración inicia sesión en el producto, se puede utilizar la función de depuración y se puede ejecutar un comando arbitrario del sistema operativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-489\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.10\",\"matchCriteriaId\":\"93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB857995-8BB6-43D8-8312-A07A9B0406EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.14.11c\",\"matchCriteriaId\":\"DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.12.10\",\"matchCriteriaId\":\"0A13E427-5D4C-438F-8138-32CFB0891B4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.15.6\",\"matchCriteriaId\":\"201D26E0-8485-4BBD-B5CB-AFAB668A3BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.23.11\",\"matchCriteriaId\":\"4236D6DC-2190-4280-9667-DFF95C065800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.32\",\"matchCriteriaId\":\"1C488D0A-3B6E-4C8B-9C05-C68E67A26E51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.15.2c\",\"matchCriteriaId\":\"10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.12.16\",\"matchCriteriaId\":\"7016BF10-A68A-489E-AEE8-92B7CE768190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.32\",\"matchCriteriaId\":\"C4218167-7FDF-4ED7-B776-724504E8E5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1.5\",\"matchCriteriaId\":\"663661B7-9552-4E05-952F-3BD491B30B20\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.8.4\",\"matchCriteriaId\":\"A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-160\\\\/lw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87410133-A2F3-4592-A808-04AFA816953C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.30.13\",\"matchCriteriaId\":\"85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-230\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FE0C63-8CF3-485C-8E8E-7C39AA07006F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.30.9c\",\"matchCriteriaId\":\"6A40EC07-7E1F-40F8-BE4B-DF03ED12E913\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-350\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B53442-E424-4FA2-9049-B66AF2B39200\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.11.14\",\"matchCriteriaId\":\"CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35845A42-42A5-4042-BCEA-8015F8CB5C37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.16.2\",\"matchCriteriaId\":\"DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A05CBE-5537-496C-BCB9-DEDE5DCB3A70\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7.28c\",\"matchCriteriaId\":\"58FE55C1-3266-4183-8DD7-9F73F4B18446\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-g180\\\\/l-ca:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78D5D52-53FD-4F1A-9B39-F43A6A718082\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-130\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AE2019-F134-4D0C-991E-613BED91BB7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-125\\\\/cx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B567654-440B-4173-90C8-BE3DFB0447C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955F9BBA-FDA1-46C5-ACD9-86661D7C6027\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-120\\\\/c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B45729-2265-4DB0-BD01-F133C7B2C857\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D6BD64-221C-48A1-8A54-F41BDDE0A199\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F6FF8E-4303-4213-9603-B81ACA9CEE8E\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU96424864/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/vu/JVNVU96424864/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36475\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-25T19:32:43.680364Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-1300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.4.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-650_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.16.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-610x_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.14.11\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-530_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.11.13\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-350\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.30.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-230\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.30.12\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-160\\\\/lw_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.8.3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.12.15\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g180\\\\/l-ca_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.28B\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g120_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.15.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g110_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.30C\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g100_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.23.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g060_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.15.5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g050_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.12.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_vxr\\\\/x64_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_vxr\\\\/x64_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.31\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_vxr\\\\/x86_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_vxr\\\\/x86_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-1200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.21\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-130\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.13.21\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-155\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.22.5M\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-125\\\\/cx_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.7H\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-120\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.7H\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_wxr-250_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.7\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-489\", \"description\": \"CWE-489 Active Debug Code\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-25T19:35:41.992Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-1300 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 7.4.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-650\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.16.1 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-610X series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.14.11 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-530\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.11.13 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-350/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.30.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-230/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.30.12 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-160/LW\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.8.3 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G200 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 9.12.15 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G180/L-CA\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.28B and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G120 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.15.2 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G110 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.30C and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G100 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 6.23.10 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G060 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.15.5 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G050 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.12.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet VXR/x64\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.31 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet VXR/x86\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 10.1.4 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.21 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-130/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.13.21 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-155/C series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.22.5M and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-125/CX\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.7H and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-120/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.7H and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet WXR-250\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 1.4.7 and earlier\"}]}], \"references\": [{\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\"}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU96424864/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Active debug code\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-07-17T08:48:33.524Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-36475\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-25T19:40:17.396Z\", \"dateReserved\": \"2024-06-06T06:08:00.324Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-07-17T08:48:33.524Z\", \"assignerShortName\": \"jpcert\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

cve-2024-36475

Vulnerability from jvndb

Published

2024-07-29 17:51

Modified

2024-07-29 17:51

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Details

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) CVE-2024-31070 * Active Debug Code (CWE-489) CVE-2024-36475 * OS Command Injection (CWE-78) CVE-2024-36491 * Buffer Overflow (CWE-120) CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU96424864/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31070
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36475
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36491
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-10188
	Insecure Default Initialization of Resource(CWE-1188)	https://cwe.mitre.org/data/definitions/1188.html
	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
	Active Debug Code(CWE-489)	https://cwe.mitre.org/data/definitions/489.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Century Systems Co., Ltd.	FutureNet NXR-120/C
	Century Systems Co., Ltd.	FutureNet NXR-1200
	Century Systems Co., Ltd.	FutureNet NXR-125/CX
	Century Systems Co., Ltd.	FutureNet NXR-130/C
	Century Systems Co., Ltd.	FutureNet NXR-1300 series
	Century Systems Co., Ltd.	FutureNet NXR-155/C series
	Century Systems Co., Ltd.	FutureNet NXR-160/LW
	Century Systems Co., Ltd.	FutureNet NXR-230/C
	Century Systems Co., Ltd.	FutureNet NXR-350/C
	Century Systems Co., Ltd.	FutureNet NXR-530
	Century Systems Co., Ltd.	FutureNet NXR-610X series
	Century Systems Co., Ltd.	FutureNet NXR-650
	Century Systems Co., Ltd.	FutureNet NXR-G050 series
	Century Systems Co., Ltd.	FutureNet NXR-G060 series
	Century Systems Co., Ltd.	FutureNet NXR-G100 series
	Century Systems Co., Ltd.	FutureNet NXR-G110 series
	Century Systems Co., Ltd.	FutureNet NXR-G120 series
	Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
	Century Systems Co., Ltd.	FutureNet NXR-G200 series
	Century Systems Co., Ltd.	FutureNet VXR/x64
	Century Systems Co., Ltd.	FutureNet VXR/x86
	Century Systems Co., Ltd.	FutureNet WXR-250

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
   "dc:date": "2024-07-29T17:51+09:00",
   "dcterms:issued": "2024-07-29T17:51+09:00",
   "dcterms:modified": "2024-07-29T17:51+09:00",
   description: "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n  * Initialization of a Resource with an Insecure Default (CWE-1188)\r\nCVE-2024-31070\r\n  * Active Debug Code (CWE-489)\r\nCVE-2024-36475\r\n  * OS Command Injection (CWE-78)\r\nCVE-2024-36491\r\n  * Buffer Overflow (CWE-120)\r\nCVE-2020-10188\r\nThe product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
   link: "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
   "sec:cpe": [
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
         "@product": "FutureNet NXR-120/C",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-1200",
         "@product": "FutureNet NXR-1200",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
         "@product": "FutureNet NXR-125/CX",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
         "@product": "FutureNet NXR-130/C",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-1300",
         "@product": "FutureNet NXR-1300 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
         "@product": "FutureNet NXR-155/C series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
         "@product": "FutureNet NXR-160/LW",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
         "@product": "FutureNet NXR-230/C",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
         "@product": "FutureNet NXR-350/C",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-530",
         "@product": "FutureNet NXR-530",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-610x",
         "@product": "FutureNet NXR-610X series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-650",
         "@product": "FutureNet NXR-650",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g050",
         "@product": "FutureNet NXR-G050 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g060",
         "@product": "FutureNet NXR-G060 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g100",
         "@product": "FutureNet NXR-G100 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g110",
         "@product": "FutureNet NXR-G110 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g120",
         "@product": "FutureNet NXR-G120 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
         "@product": "FutureNet NXR-G180/L-CA",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_nxr-g200",
         "@product": "FutureNet NXR-G200 series",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_vxr/x64",
         "@product": "FutureNet VXR/x64",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_vxr/x86",
         "@product": "FutureNet VXR/x86",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/o:centurysys:futurenet_wxr-250",
         "@product": "FutureNet WXR-250",
         "@vendor": "Century Systems Co., Ltd.",
         "@version": "2.2",
      },
   ],
   "sec:cvss": {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0",
   },
   "sec:identifier": "JVNDB-2024-004595",
   "sec:references": [
      {
         "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
         "@id": "JVNVU#96424864",
         "@source": "JVN",
      },
      {
         "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
         "@id": "CVE-2024-31070",
         "@source": "CVE",
      },
      {
         "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
         "@id": "CVE-2024-36475",
         "@source": "CVE",
      },
      {
         "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
         "@id": "CVE-2024-36491",
         "@source": "CVE",
      },
      {
         "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
         "@id": "CVE-2020-10188",
         "@source": "CVE",
      },
      {
         "#text": "https://cwe.mitre.org/data/definitions/1188.html",
         "@id": "CWE-1188",
         "@title": "Insecure Default Initialization of Resource(CWE-1188)",
      },
      {
         "#text": "https://cwe.mitre.org/data/definitions/120.html",
         "@id": "CWE-120",
         "@title": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)",
      },
      {
         "#text": "https://cwe.mitre.org/data/definitions/489.html",
         "@id": "CWE-489",
         "@title": "Active Debug Code(CWE-489)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-78",
         "@title": "OS Command Injection(CWE-78)",
      },
   ],
   title: "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series",
}

ghsa-hx98-fgmp-472p

Vulnerability from github

Published

2024-07-17 09:30

Modified

2024-08-01 15:32

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2024-36475",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-489",
         "CWE-78",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-07-17T09:15:03Z",
      severity: "HIGH",
   },
   details: "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.",
   id: "GHSA-hx98-fgmp-472p",
   modified: "2024-08-01T15:32:05Z",
   published: "2024-07-17T09:30:49Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-36475",
      },
      {
         type: "WEB",
         url: "https://jvn.jp/en/vu/JVNVU96424864",
      },
      {
         type: "WEB",
         url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html",
      },
      {
         type: "WEB",
         url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

fkie_cve-2024-36475

Vulnerability from fkie_nvd

Published

2024-07-17 09:15

Modified

2024-11-21 09:22

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory

Impacted products

Vendor	Product	Version
centurysys	futurenet_nxr-1300_firmware	*
centurysys	futurenet_nxr-155\/c_firmware	*
centurysys	futurenet_nxr-610x_firmware	*
centurysys	futurenet_nxr-g050_firmware	*
centurysys	futurenet_nxr-g060_firmware	*
centurysys	futurenet_nxr-g100_firmware	*
centurysys	futurenet_nxr-g110_firmware	*
centurysys	futurenet_nxr-g120_firmware	*
centurysys	futurenet_nxr-g200_firmware	*
centurysys	futurenet_vxr-x64	*
centurysys	futurenet_vxr-x86	*
centurysys	futurenet_nxr-160\/lw_firmware	*
centurysys	futurenet_nxr-160\/lw	-
centurysys	futurenet_nxr-230\/c_firmware	*
centurysys	futurenet_nxr-230\/c	-
centurysys	futurenet_nxr-350\/c_firmware	*
centurysys	futurenet_nxr-350\/c	-
centurysys	futurenet_nxr-530_firmware	*
centurysys	futurenet_nxr-530	-
centurysys	futurenet_nxr-650_firmware	*
centurysys	futurenet_nxr-650	-
centurysys	futurenet_nxr-g180\/l-ca_firmware	*
centurysys	futurenet_nxr-g180\/l-ca	-
centurysys	futurenet_nxr-130\/c_firmware	*
centurysys	futurenet_nxr-130\/c	-
centurysys	futurenet_nxr-125\/cx_firmware	*
centurysys	futurenet_nxr-125\/cx	-
centurysys	futurenet_nxr-120\/c_firmware	*
centurysys	futurenet_nxr-120\/c	-
centurysys	futurenet_wxr-250_firmware	*
centurysys	futurenet_wxr-250	-
centurysys	futurenet_nxr-1200_firmware	*
centurysys	futurenet_nxr-1200	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E",
                     versionEndExcluding: "7.4.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB857995-8BB6-43D8-8312-A07A9B0406EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86",
                     versionEndExcluding: "21.14.11c",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A13E427-5D4C-438F-8138-32CFB0891B4A",
                     versionEndExcluding: "21.12.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "201D26E0-8485-4BBD-B5CB-AFAB668A3BCB",
                     versionEndExcluding: "21.15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4236D6DC-2190-4280-9667-DFF95C065800",
                     versionEndExcluding: "6.23.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C488D0A-3B6E-4C8B-9C05-C68E67A26E51",
                     versionEndExcluding: "21.7.32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4",
                     versionEndExcluding: "21.15.2c",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7016BF10-A68A-489E-AEE8-92B7CE768190",
                     versionEndExcluding: "9.12.16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4218167-7FDF-4ED7-B776-724504E8E5AF",
                     versionEndExcluding: "21.7.32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "663661B7-9552-4E05-952F-3BD491B30B20",
                     versionEndExcluding: "10.1.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2",
                     versionEndExcluding: "21.8.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-160\\/lw:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87410133-A2F3-4592-A808-04AFA816953C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9",
                     versionEndExcluding: "5.30.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-230\\/c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8FE0C63-8CF3-485C-8E8E-7C39AA07006F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A40EC07-7E1F-40F8-BE4B-DF03ED12E913",
                     versionEndExcluding: "5.30.9c",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-350\\/c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0B53442-E424-4FA2-9049-B66AF2B39200",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7",
                     versionEndExcluding: "21.11.14",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "35845A42-42A5-4042-BCEA-8015F8CB5C37",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE",
                     versionEndExcluding: "21.16.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-650:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2A05CBE-5537-496C-BCB9-DEDE5DCB3A70",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "58FE55C1-3266-4183-8DD7-9F73F4B18446",
                     versionEndExcluding: "21.7.28c",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-g180\\/l-ca:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E78D5D52-53FD-4F1A-9B39-F43A6A718082",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-130\\/c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9AE2019-F134-4D0C-991E-613BED91BB7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-125\\/cx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B567654-440B-4173-90C8-BE3DFB0447C7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "955F9BBA-FDA1-46C5-ACD9-86661D7C6027",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-120\\/c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B45729-2265-4DB0-BD01-F133C7B2C857",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "55D6BD64-221C-48A1-8A54-F41BDDE0A199",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "70F6FF8E-4303-4213-9603-B81ACA9CEE8E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.",
      },
      {
         lang: "es",
         value: "Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. contienen una vulnerabilidad de código de depuración activa. Si un usuario que sabe cómo utilizar la función de depuración inicia sesión en el producto, se puede utilizar la función de depuración y se puede ejecutar un comando arbitrario del sistema operativo.",
      },
   ],
   id: "CVE-2024-36475",
   lastModified: "2024-11-21T09:22:15.240",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2024-07-17T09:15:03.013",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/vu/JVNVU96424864/",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/vu/JVNVU96424864/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-489",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-36475

Vulnerability from cvelistv5

cve-2024-36475

Vulnerability from jvndb

ghsa-hx98-fgmp-472p

Vulnerability from github

fkie_cve-2024-36475

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature