CVE-2024-36475
HIGHCVSS 8.8/10EPSS 0.62%
Last modified
CVE-2024-36475 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Centurysys | Futurenet Nxr-1300 Firmware | < 7.4.10 |
| Centurysys | Futurenet Nxr-155\/C Firmware | All versions |
| Centurysys | Futurenet Nxr-610x Firmware | < 21.14.11c |
| Centurysys | Futurenet Nxr-G050 Firmware | < 21.12.10 |
| Centurysys | Futurenet Nxr-G060 Firmware | < 21.15.6 |
| Centurysys | Futurenet Nxr-G100 Firmware | < 6.23.11 |
| Centurysys | Futurenet Nxr-G110 Firmware | < 21.7.32 |
| Centurysys | Futurenet Nxr-G120 Firmware | < 21.15.2c |
| Centurysys | Futurenet Nxr-G200 Firmware | < 9.12.16 |
| Centurysys | Futurenet Vxr-X64 | < 21.7.32 |
| Centurysys | Futurenet Vxr-X86 | < 10.1.5 |
| Centurysys | Futurenet Nxr-160\/Lw Firmware | < 21.8.4 |
| Centurysys | Futurenet Nxr-230\/C Firmware | < 5.30.13 |
| Centurysys | Futurenet Nxr-350\/C Firmware | < 5.30.9c |
| Centurysys | Futurenet Nxr-530 Firmware | < 21.11.14 |
| Centurysys | Futurenet Nxr-650 Firmware | < 21.16.2 |
| Centurysys | Futurenet Nxr-G180\/L-Ca Firmware | < 21.7.28c |
| Centurysys | Futurenet Nxr-130\/C Firmware | All versions |
| Centurysys | Futurenet Nxr-125\/Cx Firmware | All versions |
| Centurysys | Futurenet Nxr-120\/C Firmware | All versions |
| Centurysys | Futurenet Wxr-250 Firmware | All versions |
| Centurysys | Futurenet Nxr-1200 Firmware | All versions |
References
- https://jvn.jp/en/vu/JVNVU96424864/Third Party Advisory
- https://jvn.jp/en/vu/JVNVU96424864/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-36475?
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
How severe is CVE-2024-36475?
CVE-2024-36475 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.
How do I fix CVE-2024-36475?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2024-36475?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST