CVE-2024-36491

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36491
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU96424864/ Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html Vendor Advisory
https://jvn.jp/en/vu/JVNVU96424864/ Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
History

01 Apr 2025, 05:15

Type Values Removed Values Added
Summary (en) FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition. (en) FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

21 Nov 2024, 09:22

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU96424864/ - Third Party Advisory () https://jvn.jp/en/vu/JVNVU96424864/ - Third Party Advisory
References () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - Vendor Advisory () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - Vendor Advisory
References () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - Vendor Advisory () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - Vendor Advisory

27 Sep 2024, 14:05

Type Values Removed Values Added
CPE cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
First Time Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-610x Firmware
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-350\/c Firmware
Centurysys futurenet Nxr-1200 Firmware
Centurysys futurenet Nxr-g050 Firmware
Centurysys futurenet Nxr-230\/c Firmware
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-g180\/l-ca Firmware
Centurysys futurenet Nxr-g110 Firmware
Centurysys futurenet Nxr-530 Firmware
Centurysys futurenet Nxr-1300 Firmware
Centurysys futurenet Nxr-g100 Firmware
Centurysys
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-125\/cx Firmware
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-130\/c Firmware
Centurysys futurenet Wxr-250 Firmware
Centurysys futurenet Nxr-g060 Firmware
Centurysys futurenet Wxr-250
Centurysys futurenet Nxr-160\/lw Firmware
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Nxr-155\/c Firmware
Centurysys futurenet Nxr-g120 Firmware
Centurysys futurenet Nxr-1200
Centurysys futurenet Vxr-x86
Centurysys futurenet Vxr-x64
Centurysys futurenet Nxr-650 Firmware
Centurysys futurenet Nxr-120\/c Firmware
Centurysys futurenet Nxr-g200 Firmware
References () https://jvn.jp/en/vu/JVNVU96424864/ - () https://jvn.jp/en/vu/JVNVU96424864/ - Third Party Advisory
References () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - Vendor Advisory
References () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - Vendor Advisory

01 Aug 2024, 13:52

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Summary
  • (es) Las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. permiten que un atacante remoto no autenticado ejecute un comando arbitrario del sistema operativo, obtenga y/o altere información confidencial y pueda provocar una condición de denegación de servicio (DoS).
CWE CWE-78

17 Jul 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-17 09:15

Updated : 2025-04-01 05:15

NVD link : CVE-2024-36491

Mitre link : CVE-2024-36491

CVE.ORG link : CVE-2024-36491

JSON object : View

Products Affected

centurysys

  • futurenet_wxr-250
  • futurenet_vxr-x64
  • futurenet_nxr-530
  • futurenet_nxr-230\/c_firmware
  • futurenet_nxr-610x_firmware
  • futurenet_nxr-120\/c_firmware
  • futurenet_nxr-130\/c_firmware
  • futurenet_nxr-155\/c_firmware
  • futurenet_nxr-g100_firmware
  • futurenet_nxr-g200_firmware
  • futurenet_nxr-230\/c
  • futurenet_vxr-x86
  • futurenet_nxr-g120_firmware
  • futurenet_nxr-g180\/l-ca_firmware
  • futurenet_nxr-125\/cx_firmware
  • futurenet_nxr-1200
  • futurenet_nxr-1300_firmware
  • futurenet_nxr-g050_firmware
  • futurenet_nxr-530_firmware
  • futurenet_nxr-g110_firmware
  • futurenet_nxr-1200_firmware
  • futurenet_nxr-650_firmware
  • futurenet_nxr-350\/c
  • futurenet_wxr-250_firmware
  • futurenet_nxr-120\/c
  • futurenet_nxr-g180\/l-ca
  • futurenet_nxr-350\/c_firmware
  • futurenet_nxr-160\/lw
  • futurenet_nxr-130\/c
  • futurenet_nxr-g060_firmware
  • futurenet_nxr-160\/lw_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')