CVE-2024-36475

Summary

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

Affected Software

VendorProductVersion RangeStatus
Century Systems Co., Ltd.FutureNet NXR-1300 seriesfirmware version 7.4.9 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-650firmware version 21.16.1 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-610X seriesfirmware version 21.14.11 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-530firmware version 21.11.13 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-350/Cfirmware version 5.30.9 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-230/Cfirmware version 5.30.12 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-160/LWfirmware version 21.8.3 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G200 seriesfirmware version 9.12.15 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G180/L-CAfirmware version 21.7.28B and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G120 seriesfirmware version 21.15.2 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G110 seriesfirmware version 21.7.30C and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G100 seriesfirmware version 6.23.10 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G060 seriesfirmware version 21.15.5 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G050 seriesfirmware version 21.12.9 and earlieraffected
Century Systems Co., Ltd.FutureNet VXR/x64firmware version 21.7.31 and earlieraffected
Century Systems Co., Ltd.FutureNet VXR/x86firmware version 10.1.4 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-1200firmware version 5.25.21 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-130/Cfirmware version 5.13.21 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-155/C seriesfirmware version 5.22.5M and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-125/CXfirmware version 5.25.7H and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-120/Cfirmware version 5.25.7H and earlieraffected
Century Systems Co., Ltd.FutureNet WXR-250firmware version 1.4.7 and earlieraffected

Weaknesses

  • Active debug code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References