CVE-2024-36475
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
17/07/2024
Last modified:
27/09/2024
Description
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:* | 7.4.10 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:* | 21.14.11c (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:* | 21.12.10 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:* | 21.15.6 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:* | 6.23.11 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:* | 21.7.32 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:* | 21.15.2c (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:* | 9.12.16 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:* | 21.7.32 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:* | 10.1.5 (excluding) | |
| cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:* | 21.8.4 (excluding) | |
| cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:* | 5.30.13 (excluding) | |
| cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page