CVE-2025-58152
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet MA-X series | from 6.0.0 to 6.4.1 | affected |
| Century Systems Co., Ltd. | FutureNet MA-E300 series | from 5.0.0 to 6.2.1 | affected |
| Century Systems Co., Ltd. | FutureNet MA-S series | from 5.0.0 to 6.4.0 | affected |
| Century Systems Co., Ltd. | FutureNet MA-P series | from 5.0.0 to 6.4.0 | affected |
| Century Systems Co., Ltd. | FutureNet IP-K series | from 2.0.0 to 2.2.1 | affected |
Weaknesses
- CWE-552: Files or directories accessible to external parties
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html
- https://jvn.jp/en/vu/JVNVU98191201/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.