CVE-2024-31070
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet NXR-1300 series | firmware version 7.4.9 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-650 | firmware version 21.16.1 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-610X series | firmware version 21.14.11 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-530 | firmware version 21.11.13 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-350/C | firmware version 5.30.9 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-230/C | firmware version 5.30.12 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-160/LW | firmware version 21.8.3 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G200 series | firmware version 9.12.15 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G180/L-CA | firmware version 21.7.28B and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G120 series | firmware version 21.15.2 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G110 series | firmware version 21.7.30C and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G100 series | firmware version 6.23.10 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G060 series | firmware version 21.15.5 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-G050 series | firmware version 21.12.9 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet VXR/x64 | firmware version 21.7.31 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet VXR/x86 | firmware version 10.1.4 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-1200 | firmware version 5.25.21 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-130/C | firmware version 5.13.21 and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-155/C series | firmware version 5.22.5M and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-125/CX | firmware version 5.25.7H and earlier | affected |
| Century Systems Co., Ltd. | FutureNet NXR-120/C | firmware version 5.25.7H and earlier | affected |
| Century Systems Co., Ltd. | FutureNet WXR-250 | firmware version 1.4.7 and earlier | affected |
Weaknesses
- Initialization of a Resource with an Insecure Default
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
- https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
- https://jvn.jp/en/vu/JVNVU96424864/
References
- https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
- https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
- https://jvn.jp/en/vu/JVNVU96424864/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.