CVE-2024-36491

Summary

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

Affected Software

VendorProductVersion RangeStatus
Century Systems Co., Ltd.FutureNet NXR-1300 seriesfirmware version 7.4.9 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-650firmware version 21.16.1 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-610X seriesfirmware version 21.14.11 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-530firmware version 21.11.13 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-350/Cfirmware version 5.30.9 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-230/Cfirmware version 5.30.12 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-160/LWfirmware version 21.8.3 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G200 seriesfirmware version 9.12.15 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G180/L-CAfirmware version 21.7.28B and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G120 seriesfirmware version 21.15.2 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G110 seriesfirmware version 21.7.30C and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G100 seriesfirmware version 6.23.10 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G060 seriesfirmware version 21.15.5 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G050 seriesfirmware version 21.12.9 and earlieraffected
Century Systems Co., Ltd.FutureNet VXR/x64firmware version 21.7.31 and earlieraffected
Century Systems Co., Ltd.FutureNet VXR/x86firmware version 10.1.4 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-1200firmware version 5.25.21 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-130/Cfirmware version 5.13.21 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-155/C seriesfirmware version 5.22.5M and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-125/CXfirmware version 5.25.7H and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-120/Cfirmware version 5.25.7H and earlieraffected
Century Systems Co., Ltd.FutureNet WXR-250firmware version 1.4.7 and earlieraffected

Weaknesses

  • OS command injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References