CRITICAL🇵🇱 Wersja polska

CVE-2024-36491

CVSS 9.8v3.1pub. 2024-07-17upd. 2025-04-01

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

🤖 AI Analysis
How it works

The vulnerability (CWE-78) consists of a lack of proper validation or neutralization of input data passed to system calls in the device's administrative interface. A logged-in user with administrative privileges can construct appropriately crafted input data that will be interpreted as operating system commands and executed in the context of the device. The network vector (AV:N) means the attack can be conducted remotely over the network.

Impact

An attacker can execute arbitrary OS commands on the device, obtain or modify sensitive configuration information, and cause a denial of service (DoS) state, leading to unavailability of the network device.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html and https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html). Additionally, it is recommended to restrict access to the administrative interface only to trusted IP addresses and to avoid exposing the administration panel directly to the internet.

Who is affected

FutureNet NXR-1300, NXR-155/C, NXR-610X, NXR-G050, NXR-G060 devices and other NXR, VXR, and WXR series devices from Century Systems Co., Ltd. — exact firmware versions indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Centurysys Futurenet Nxr 1200

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 1200 Firmware

    OS
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 120\/c

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 120\/c Firmware

    OS
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 125\/cx Firmware

    OS
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 1300 Firmware

    OS
    Centurysys
    < 7.4.10
  • Centurysys Futurenet Nxr 130\/c

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 130\/c Firmware

    OS
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 155\/c Firmware

    OS
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 160\/lw

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 160\/lw Firmware

    OS
    Centurysys
    < 21.8.4
  • Centurysys Futurenet Nxr 230\/c

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 230\/c Firmware

    OS
    Centurysys
    < 5.30.13
  • Centurysys Futurenet Nxr 350\/c

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 350\/c Firmware

    OS
    Centurysys
    < 5.30.9c
  • Centurysys Futurenet Nxr 530

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr 530 Firmware

    OS
    Centurysys
    < 21.11.14
  • Centurysys Futurenet Nxr 610x Firmware

    OS
    Centurysys
    < 21.14.11c
  • Centurysys Futurenet Nxr 650 Firmware

    OS
    Centurysys
    < 21.16.2
  • Centurysys Futurenet Nxr G050 Firmware

    OS
    Centurysys
    < 21.12.10
  • Centurysys Futurenet Nxr G060 Firmware

    OS
    Centurysys
    < 21.15.6
  • Centurysys Futurenet Nxr G100 Firmware

    OS
    Centurysys
    < 6.23.11
  • Centurysys Futurenet Nxr G110 Firmware

    OS
    Centurysys
    < 21.7.32
  • Centurysys Futurenet Nxr G120 Firmware

    OS
    Centurysys
    < 21.15.2c
  • Centurysys Futurenet Nxr G180\/l Ca

    HW
    Centurysys
    wszystkie wersje
  • Centurysys Futurenet Nxr G180\/l Ca Firmware

    OS
    Centurysys
    < 21.7.28c
  • Centurysys Futurenet Nxr G200 Firmware

    OS
    Centurysys
    < 9.12.16
  • Centurysys Futurenet Vxr X64

    OS
    Centurysys
    < 21.7.32
  • Centurysys Futurenet Vxr X86

    OS
    Centurysys
    < 10.1.5
  • Centurysys Futurenet Wxr 250

    HW
    Centurysys
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-31070CRITICAL9.1PL ✓ten sam produkt

Auth Bypass w FutureNet NXR/VXR/WXR — nieograniczony dostęp do usługi Telnet

CVE-2024-36475HIGH8.8ten sam produkt

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug ...

CVE-2008-6449MEDIUM4.0ten sam vendor

Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1....