CVE-2025-54763

Summary

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.

Affected Software

VendorProductVersion RangeStatus
Century Systems Co., Ltd.FutureNet MA-X seriesfrom 6.0.0 to 6.4.1affected
Century Systems Co., Ltd.FutureNet MA-E300 seriesfrom 5.0.0 to 6.2.1affected
Century Systems Co., Ltd.FutureNet MA-S seriesfrom 5.0.0 to 6.4.0affected
Century Systems Co., Ltd.FutureNet MA-P seriesfrom 5.0.0 to 6.4.0affected
Century Systems Co., Ltd.FutureNet IP-K seriesfrom 2.0.0 to 2.2.1affected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References