Active Debug Code Vulnerability Affects Multiple Products
CVE-2024-36475

8.8HIGH

Key Information:

Vendor: Century Systems Co., Ltd.
Status: Futurenet Nxr-1300 Series; Futurenet Nxr-650; Futurenet Nxr-610x Series; Futurenet Nxr-530
Vendor: CVE Published:; 17 July 2024

🔔 Create Century Systems Co., Ltd. Vulnerability Alert

What is CVE-2024-36475?

An active debug code vulnerability has been identified in Century Systems' FutureNet NXR, VXR, and WXR series products. This vulnerability arises when a user with knowledge of the debug function gains access to the product, potentially allowing the execution of arbitrary operating system commands. The implications of this vulnerability may lead to unauthorized manipulation of system processes, posing significant security risks to the integrity and confidentiality of affected systems. Users must take precautionary measures to secure their products and mitigate exposure to potential attacks.

Affected Version(s)

FutureNet NXR-120/C firmware version 5.25.7H and earlier

FutureNet NXR-1200 firmware version 5.25.21 and earlier

FutureNet NXR-125/CX firmware version 5.25.7H and earlier

References

https://www.centurysys.co.jp/backnumber/nxr_common/202407...

https://jvn.jp/en/vu/JVNVU96424864/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2024
Vulnerability Reserved
Jun 6, 2024