Vulnerability-Lookup

CVE-2024-31070 (GCVE-0-2024-31070)

Vulnerability from cvelistv5 – Published: 2024-07-17 08:47 – Updated: 2024-08-02 01:46

Summary

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

Initialization of a Resource with an Insecure Default

Assigner

jpcert

References

URL

Tags

	https://www.centurysys.co.jp/backnumber/nxr_commo…
	https://www.centurysys.co.jp/backnumber/nxr_commo…
	https://jvn.jp/en/vu/JVNVU96424864/

Impacted products

Vendor

Product

Version

Century Systems Co., Ltd.

FutureNet NXR-1300 series

Affected: firmware version 7.4.9 and earlier

Century Systems Co., Ltd.	FutureNet NXR-650	Affected: firmware version 21.16.1 and earlier
Century Systems Co., Ltd.	FutureNet NXR-610X series	Affected: firmware version 21.14.11 and earlier
Century Systems Co., Ltd.	FutureNet NXR-530	Affected: firmware version 21.11.13 and earlier
Century Systems Co., Ltd.	FutureNet NXR-350/C	Affected: firmware version 5.30.9 and earlier
Century Systems Co., Ltd.	FutureNet NXR-230/C	Affected: firmware version 5.30.12 and earlier
Century Systems Co., Ltd.	FutureNet NXR-160/LW	Affected: firmware version 21.8.3 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G200 series	Affected: firmware version 9.12.15 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA	Affected: firmware version 21.7.28B and earlier
Century Systems Co., Ltd.	FutureNet NXR-G120 series	Affected: firmware version 21.15.2 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G110 series	Affected: firmware version 21.7.30C and earlier
Century Systems Co., Ltd.	FutureNet NXR-G100 series	Affected: firmware version 6.23.10 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G060 series	Affected: firmware version 21.15.5 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G050 series	Affected: firmware version 21.12.9 and earlier
Century Systems Co., Ltd.	FutureNet VXR/x64	Affected: firmware version 21.7.31 and earlier
Century Systems Co., Ltd.	FutureNet VXR/x86	Affected: firmware version 10.1.4 and earlier
Century Systems Co., Ltd.	FutureNet NXR-1200	Affected: firmware version 5.25.21 and earlier
Century Systems Co., Ltd.	FutureNet NXR-130/C	Affected: firmware version 5.13.21 and earlier
Century Systems Co., Ltd.	FutureNet NXR-155/C series	Affected: firmware version 5.22.5M and earlier
Century Systems Co., Ltd.	FutureNet NXR-125/CX	Affected: firmware version 5.25.7H and earlier
Century Systems Co., Ltd.	FutureNet NXR-120/C	Affected: firmware version 5.25.7H and earlier
Century Systems Co., Ltd.	FutureNet WXR-250	Affected: firmware version 1.4.7 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-1300_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "7.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-650_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.16.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-610x_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.14.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-530_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.11.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-350\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.30.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-230\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.30.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-160\\/lw_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.8.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g200_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "9.12.15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g180\\/l-ca_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.28B",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g120_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.15.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g110_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.30C",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g100_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "6.23.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g060_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.15.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-g050_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.12.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_vxr\\/x64_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "21.7.31",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_vxr\\/x86_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "10.1.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-1200_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-130\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.13.21",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-155\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.22.5M",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-125\\/cx_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.7H",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_nxr-120\\/c_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "5.25.7H",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "futurenet_wxr-250_firmware",
            "vendor": "centurysys",
            "versions": [
              {
                "lessThanOrEqual": "1.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-31070",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T13:17:01.773769Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1188",
                "description": "CWE-1188 Insecure Default Initialization of Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T14:09:58.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:46:04.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU96424864/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FutureNet NXR-1300 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 7.4.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-650",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.16.1 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-610X series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.14.11 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-530",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.11.13 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-350/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-230/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.30.12 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-160/LW",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.8.3 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G200 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 9.12.15 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G180/L-CA",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.28B and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G120 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.2 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G110 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.30C and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G100 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 6.23.10 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G060 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.15.5 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-G050 series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.12.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR/x64",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 21.7.31 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet VXR/x86",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 10.1.4 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-1200",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.21 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-130/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.13.21 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-155/C series",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.22.5M and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-125/CX",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.7H and earlier"
            }
          ]
        },
        {
          "product": "FutureNet NXR-120/C",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 5.25.7H and earlier"
            }
          ]
        },
        {
          "product": "FutureNet WXR-250",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.4.7 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Initialization of a Resource with an Insecure Default",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T08:47:22.506Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
        },
        {
          "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU96424864/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-31070",
    "datePublished": "2024-07-17T08:47:22.506Z",
    "dateReserved": "2024-06-06T06:07:59.482Z",
    "dateUpdated": "2024-08-02T01:46:04.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/vu/JVNVU96424864/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:46:04.358Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31070\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-17T13:17:01.773769Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-1300_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.4.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-650_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.16.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-610x_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.14.11\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-530_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.11.13\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-350\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-350\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.30.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-230\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-230\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.30.12\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-160\\\\/lw_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-160\\\\/lw_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.8.3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.12.15\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g180\\\\/l-ca_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g180\\\\/l-ca_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.28B\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g120_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.15.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g110_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.30C\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g100_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.23.10\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g060_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.15.5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-g050_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.12.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_vxr\\\\/x64_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_vxr\\\\/x64_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"21.7.31\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_vxr\\\\/x86_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_vxr\\\\/x86_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-1200_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.21\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-130\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-130\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.13.21\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-155\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-155\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.22.5M\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-125\\\\/cx_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-125\\\\/cx_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.7H\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_nxr-120\\\\/c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_nxr-120\\\\/c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.25.7H\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"centurysys\", \"product\": \"futurenet_wxr-250_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.7\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1188\", \"description\": \"CWE-1188 Insecure Default Initialization of Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-17T14:45:07.995Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-1300 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 7.4.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-650\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.16.1 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-610X series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.14.11 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-530\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.11.13 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-350/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.30.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-230/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.30.12 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-160/LW\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.8.3 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G200 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 9.12.15 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G180/L-CA\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.28B and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G120 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.15.2 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G110 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.30C and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G100 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 6.23.10 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G060 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.15.5 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-G050 series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.12.9 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet VXR/x64\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 21.7.31 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet VXR/x86\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 10.1.4 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-1200\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.21 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-130/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.13.21 and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-155/C series\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.22.5M and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-125/CX\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.7H and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet NXR-120/C\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 5.25.7H and earlier\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet WXR-250\", \"versions\": [{\"status\": \"affected\", \"version\": \"firmware version 1.4.7 and earlier\"}]}], \"references\": [{\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\"}, {\"url\": \"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU96424864/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Initialization of a Resource with an Insecure Default\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-07-17T08:47:22.506Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31070\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:46:04.358Z\", \"dateReserved\": \"2024-06-06T06:07:59.482Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-07-17T08:47:22.506Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2024-31070

Vulnerability from fstec - Published: 06.06.2024

Title

Уязвимость службы Telnet микропрограммного обеспечения маршрутизаторов FutureNet NXR, FutureNet VXR и FutureNet WXR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость службы Telnet микропрограммного обеспечения маршрутизаторов FutureNet NXR, FutureNet VXR и FutureNet WXR связана с небезопасной инициализацией ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Century Systems Co., Ltd.

Software Name

FutureNet NXR-1300, FutureNet NXR-650, FutureNet NXR-610X, FutureNet NXR-530, FutureNet VXR/x86, FutureNet VXR/x64, FutureNet NXR-G050, FutureNet NXR-G060, FutureNet NXR-G100, FutureNet NXR-G110, FutureNet NXR-G180/L-CA, FutureNet NXR-G120, FutureNet NXR-G200, FutureNet NXR-160/LW, FutureNet NXR-230/C, FutureNet NXR-350/C

Software Version

до 7.4.9 включительно (FutureNet NXR-1300), до 21.16.1 включительно (FutureNet NXR-650), до 21.14.11 включительно (FutureNet NXR-610X), до 21.11.13 включительно (FutureNet NXR-530), до 10.1.4 включительно (FutureNet VXR/x86), до 21.7.31 включительно (FutureNet VXR/x64), до 21.12.9 включительно (FutureNet NXR-G050), до 21.15.5 включительно (FutureNet NXR-G060), до 6.23.10 включительно (FutureNet NXR-G100), до 21.7.30C включительно (FutureNet NXR-G110), до 21.7.28B включительно (FutureNet NXR-G180/L-CA), до 21.15.2 включительно (FutureNet NXR-G120), до 9.12.15 включительно (FutureNet NXR-G200), до 21.8.3 включительно (FutureNet NXR-160/LW), до 5.30.12 включительно (FutureNet NXR-230/C), до 5.30.9 включительно (FutureNet NXR-350/C)

Possible Mitigations

Использование рекомендаций: В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - минимизация пользовательских привилегий; - использование средств межсетевого экранирования для ограничения возможности удалённого доступа к устройствам; - ограничение доступа из внешних сетей (Интернет); - использование сложных и длинных паролей; - использование виртуальных частных сетей для организации удаленного доступа (VPN); - отключение службы telnet; - использование протокола шифрования SSH. Использование рекомендаций производителя: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

Reference

https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html https://jvn.jp/en/vu/JVNVU96424864/ https://vuldb.com/?id.271809

CWE

CWE-665, CWE-1188

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Century Systems Co., Ltd.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7.4.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-1300), \u0434\u043e 21.16.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-650), \u0434\u043e 21.14.11 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-610X), \u0434\u043e 21.11.13 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-530), \u0434\u043e 10.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet VXR/x86), \u0434\u043e 21.7.31 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet VXR/x64), \u0434\u043e 21.12.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G050), \u0434\u043e 21.15.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G060), \u0434\u043e 6.23.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G100), \u0434\u043e 21.7.30C \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G110), \u0434\u043e 21.7.28B \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G180/L-CA), \u0434\u043e 21.15.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G120), \u0434\u043e 9.12.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-G200), \u0434\u043e 21.8.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-160/LW), \u0434\u043e 5.30.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-230/C), \u0434\u043e 5.30.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (FutureNet NXR-350/C)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0438 \u0434\u043b\u0438\u043d\u043d\u044b\u0445 \u043f\u0430\u0440\u043e\u043b\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN);\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0441\u043b\u0443\u0436\u0431\u044b telnet;\n - \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f SSH.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.07.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.07.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-05856",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-31070",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "FutureNet NXR-1300, FutureNet NXR-650, FutureNet NXR-610X, FutureNet NXR-530, FutureNet VXR/x86, FutureNet VXR/x64, FutureNet NXR-G050, FutureNet NXR-G060, FutureNet NXR-G100, FutureNet NXR-G110, FutureNet NXR-G180/L-CA, FutureNet NXR-G120, FutureNet NXR-G200, FutureNet NXR-160/LW, FutureNet NXR-230/C, FutureNet NXR-350/C",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b Telnet \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 FutureNet NXR, FutureNet VXR \u0438 FutureNet WXR, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u0430\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f (CWE-665), \u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f (CWE-1188)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b Telnet \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 FutureNet NXR, FutureNet VXR \u0438 FutureNet WXR \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html\nhttps://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html\nhttps://jvn.jp/en/vu/JVNVU96424864/\nhttps://vuldb.com/?id.271809",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-665, CWE-1188",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

FKIE_CVE-2024-31070

Vulnerability from fkie_nvd - Published: 2024-07-17 09:15 - Updated: 2024-11-21 09:12

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU96424864/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html	Vendor Advisory

Impacted products

Vendor	Product	Version
centurysys	futurenet_nxr-1300_firmware	*
centurysys	futurenet_nxr-155\/c_firmware	*
centurysys	futurenet_nxr-610x_firmware	*
centurysys	futurenet_nxr-g050_firmware	*
centurysys	futurenet_nxr-g060_firmware	*
centurysys	futurenet_nxr-g100_firmware	*
centurysys	futurenet_nxr-g110_firmware	*
centurysys	futurenet_nxr-g120_firmware	*
centurysys	futurenet_nxr-g200_firmware	*
centurysys	futurenet_vxr-x64	*
centurysys	futurenet_vxr-x86	*
centurysys	futurenet_nxr-160\/lw_firmware	*
centurysys	futurenet_nxr-160\/lw	-
centurysys	futurenet_nxr-230\/c_firmware	*
centurysys	futurenet_nxr-230\/c	-
centurysys	futurenet_nxr-350\/c_firmware	*
centurysys	futurenet_nxr-350\/c	-
centurysys	futurenet_nxr-530_firmware	*
centurysys	futurenet_nxr-530	-
centurysys	futurenet_nxr-650_firmware	*
centurysys	futurenet_nxr-650_firmware	*
centurysys	futurenet_nxr-g180\/l-ca_firmware	*
centurysys	futurenet_nxr-g180\/l-ca	-
centurysys	futurenet_nxr-130\/c_firmware	*
centurysys	futurenet_nxr-130\/c	-
centurysys	futurenet_nxr-125\/cx_firmware	*
centurysys	futurenet_nxr-125\/cx_firmware	*
centurysys	futurenet_nxr-120\/c_firmware	*
centurysys	futurenet_nxr-120\/c	-
centurysys	futurenet_wxr-250_firmware	*
centurysys	futurenet_wxr-250	-
centurysys	futurenet_nxr-1200_firmware	*
centurysys	futurenet_nxr-1200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93E1B6BE-9BC9-42A1-BAAD-F3B77480E39E",
              "versionEndExcluding": "7.4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB857995-8BB6-43D8-8312-A07A9B0406EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE4D3F9-8AD2-4E7F-A775-C7F9CDB2AF86",
              "versionEndExcluding": "21.14.11c",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A13E427-5D4C-438F-8138-32CFB0891B4A",
              "versionEndExcluding": "21.12.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "201D26E0-8485-4BBD-B5CB-AFAB668A3BCB",
              "versionEndExcluding": "21.15.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4236D6DC-2190-4280-9667-DFF95C065800",
              "versionEndExcluding": "6.23.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C488D0A-3B6E-4C8B-9C05-C68E67A26E51",
              "versionEndExcluding": "21.7.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F93F4E-CFA1-4FE4-9FDB-D9C58B5967A4",
              "versionEndExcluding": "21.15.2c",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7016BF10-A68A-489E-AEE8-92B7CE768190",
              "versionEndExcluding": "9.12.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4218167-7FDF-4ED7-B776-724504E8E5AF",
              "versionEndExcluding": "21.7.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "663661B7-9552-4E05-952F-3BD491B30B20",
              "versionEndExcluding": "10.1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03D7A97-5D7B-4A10-A83E-07DDEBC5F1F2",
              "versionEndExcluding": "21.8.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-160\\/lw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87410133-A2F3-4592-A808-04AFA816953C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AD66C6-DF0F-4BC1-B979-C2BB8F09CBC9",
              "versionEndExcluding": "5.30.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-230\\/c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FE0C63-8CF3-485C-8E8E-7C39AA07006F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A40EC07-7E1F-40F8-BE4B-DF03ED12E913",
              "versionEndExcluding": "5.30.9c",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-350\\/c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B53442-E424-4FA2-9049-B66AF2B39200",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB1B1A5-A8FF-47E4-B544-407D7EFD39D7",
              "versionEndExcluding": "21.11.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35845A42-42A5-4042-BCEA-8015F8CB5C37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFB68AA-BA4A-4DF6-916A-D2597C1B65AE",
              "versionEndExcluding": "21.16.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52675FC8-8A10-4B7F-9581-E7E7A9A79002",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58FE55C1-3266-4183-8DD7-9F73F4B18446",
              "versionEndExcluding": "21.7.28c",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-g180\\/l-ca:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0AEA14-2DF2-4E0E-AB16-49DC74F6CC78",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78D5D52-53FD-4F1A-9B39-F43A6A718082",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-130\\/c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE2019-F134-4D0C-991E-613BED91BB7B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54CBE1A-E6E0-4C94-A187-B3B16BAF09A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "955F9BBA-FDA1-46C5-ACD9-86661D7C6027",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-120\\/c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF4A7DC-3DBB-4CCD-B8B0-F4BFB188C135",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F62ECC5-D4AA-4C75-AD1D-8C130E9C7118",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B45729-2265-4DB0-BD01-F133C7B2C857",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D6BD64-221C-48A1-8A54-F41BDDE0A199",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F6FF8E-4303-4213-9603-B81ACA9CEE8E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly."
    },
    {
      "lang": "es",
      "value": "La inicializaci\u00f3n de un recurso con una vulnerabilidad predeterminada insegura en las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. permite a un atacante remoto no autenticado acceder al servicio telnet de forma ilimitada."
    }
  ],
  "id": "CVE-2024-31070",
  "lastModified": "2024-11-21T09:12:47.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-17T09:15:02.813",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU96424864/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU96424864/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

JVNDB-2024-004595

Vulnerability from jvndb - Published: 2024-07-29 17:51 - Updated:2025-06-30 09:56

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Details

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070 * Active Debug Code (CWE-489) - CVE-2024-36475 * OS Command Injection (CWE-78) - CVE-2024-36491 * Buffer Overflow (CWE-120) - CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU96424864/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31070
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36475
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36491
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-10188
	Insecure Default Initialization of Resource(CWE-1188)	https://cwe.mitre.org/data/definitions/1188.html
	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
	Active Debug Code(CWE-489)	https://cwe.mitre.org/data/definitions/489.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Century Systems Co., Ltd.	FutureNet NXR-120/C
	Century Systems Co., Ltd.	FutureNet NXR-1200
	Century Systems Co., Ltd.	FutureNet NXR-125/CX
	Century Systems Co., Ltd.	FutureNet NXR-130/C
	Century Systems Co., Ltd.	FutureNet NXR-1300 series
	Century Systems Co., Ltd.	FutureNet NXR-155/C series
	Century Systems Co., Ltd.	FutureNet NXR-160/LW
	Century Systems Co., Ltd.	FutureNet NXR-230/C
	Century Systems Co., Ltd.	FutureNet NXR-350/C
	Century Systems Co., Ltd.	FutureNet NXR-530
	Century Systems Co., Ltd.	FutureNet NXR-610X series
	Century Systems Co., Ltd.	FutureNet NXR-650
	Century Systems Co., Ltd.	FutureNet NXR-G050 series
	Century Systems Co., Ltd.	FutureNet NXR-G060 series
	Century Systems Co., Ltd.	FutureNet NXR-G100 series
	Century Systems Co., Ltd.	FutureNet NXR-G110 series
	Century Systems Co., Ltd.	FutureNet NXR-G120 series
	Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
	Century Systems Co., Ltd.	FutureNet NXR-G200 series
	Century Systems Co., Ltd.	FutureNet VXR/x64
	Century Systems Co., Ltd.	FutureNet VXR/x86
	Century Systems Co., Ltd.	FutureNet WXR-250

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "dc:date": "2025-06-30T09:56+09:00",
  "dcterms:issued": "2024-07-29T17:51+09:00",
  "dcterms:modified": "2025-06-30T09:56+09:00",
  "description": "FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n  * Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070\r\n  * Active Debug Code (CWE-489) - CVE-2024-36475\r\n  * OS Command Injection (CWE-78) - CVE-2024-36491\r\n  * Buffer Overflow (CWE-120) - CVE-2020-10188\r\n    The product uses previous versions of netkit-telnet which contains a known vulnerability.\r\n\r\nCVE-2024-31070, CVE-2024-36475\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-36491, CVE-2020-10188\r\nCentury Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-120/c",
      "@product": "FutureNet NXR-120/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1200",
      "@product": "FutureNet NXR-1200",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-125/cx",
      "@product": "FutureNet NXR-125/CX",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-130/c",
      "@product": "FutureNet NXR-130/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-1300",
      "@product": "FutureNet NXR-1300 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-155/c",
      "@product": "FutureNet NXR-155/C series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-160/lw",
      "@product": "FutureNet NXR-160/LW",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-230/c",
      "@product": "FutureNet NXR-230/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-350/c",
      "@product": "FutureNet NXR-350/C",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-530",
      "@product": "FutureNet NXR-530",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-610x",
      "@product": "FutureNet NXR-610X series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-650",
      "@product": "FutureNet NXR-650",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g050",
      "@product": "FutureNet NXR-G050 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g060",
      "@product": "FutureNet NXR-G060 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g100",
      "@product": "FutureNet NXR-G100 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g110",
      "@product": "FutureNet NXR-G110 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g120",
      "@product": "FutureNet NXR-G120 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g180/l-ca",
      "@product": "FutureNet NXR-G180/L-CA",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_nxr-g200",
      "@product": "FutureNet NXR-G200 series",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x64",
      "@product": "FutureNet VXR/x64",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_vxr/x86",
      "@product": "FutureNet VXR/x86",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_wxr-250",
      "@product": "FutureNet WXR-250",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-004595",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96424864/index.html",
      "@id": "JVNVU#96424864",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31070",
      "@id": "CVE-2024-31070",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36475",
      "@id": "CVE-2024-36475",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36491",
      "@id": "CVE-2024-36491",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1188.html",
      "@id": "CWE-1188",
      "@title": "Insecure Default Initialization of Resource(CWE-1188)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series"
}

GHSA-GRWM-7VMP-5MCP

Vulnerability from github – Published: 2024-07-17 09:30 – Updated: 2024-08-01 15:32

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-31070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-17T09:15:02Z",
    "severity": "CRITICAL"
  },
  "details": "Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.",
  "id": "GHSA-grwm-7vmp-5mcp",
  "modified": "2024-08-01T15:32:05Z",
  "published": "2024-07-17T09:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31070"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU96424864"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-31070 (GCVE-0-2024-31070)

CVE-2024-31070

FKIE_CVE-2024-31070

JVNDB-2024-004595

GHSA-GRWM-7VMP-5MCP

Tags

Sightings

Nomenclature