CVE-2024-36491

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Configurations

Configuration 1

OR
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*

History

01 Apr 2025, 05:15

Type: Summary
Values Removed: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.
Values Added: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

27 Sep 2024, 14:05

Type: First Time
Values Added:
Centurysys
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-530 Firmware
Centurysys futurenet Wxr-250
Centurysys futurenet Nxr-120\/c Firmware
Centurysys futurenet Nxr-g050 Firmware
Centurysys futurenet Wxr-250 Firmware
Centurysys futurenet Nxr-1300 Firmware
Centurysys futurenet Nxr-230\/c Firmware
Centurysys futurenet Nxr-130\/c Firmware
Centurysys futurenet Nxr-1200
Centurysys futurenet Nxr-160\/lw Firmware
Centurysys futurenet Nxr-g180\/l-ca Firmware
Centurysys futurenet Vxr-x64
Centurysys futurenet Nxr-g100 Firmware
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-650 Firmware
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-155\/c Firmware
Centurysys futurenet Nxr-g120 Firmware
Centurysys futurenet Nxr-g060 Firmware
Centurysys futurenet Nxr-1200 Firmware
Centurysys futurenet Nxr-350\/c Firmware
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-125\/cx Firmware
Centurysys futurenet Vxr-x86
Centurysys futurenet Nxr-g200 Firmware
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-g110 Firmware
Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Nxr-610x Firmware

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 9.8

Type: References
Values Removed: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
Values Added: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - Vendor Advisory

Type: References
Values Removed: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
Values Added: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - Vendor Advisory

Type: References
Values Removed: https://jvn.jp/en/vu/JVNVU96424864/
Values Added: https://jvn.jp/en/vu/JVNVU96424864/ - Third Party Advisory

Type: CWE
Values Added: CWE-78

Type: CPE
Values Added:
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

17 Jul 2024, 09:15

Type: New CVE

Information

Published : 2024-07-17 09:15

Updated : 2025-04-01 05:15


NVD link : CVE-2024-36491

Mitre link : CVE-2024-36491



Products Affected

centurysys

  • futurenet_nxr-120\/c_firmware
  • futurenet_nxr-1300_firmware
  • futurenet_nxr-120\/c
  • futurenet_nxr-g050_firmware
  • futurenet_nxr-g110_firmware
  • futurenet_nxr-155\/c_firmware
  • futurenet_wxr-250_firmware
  • futurenet_nxr-130\/c_firmware
  • futurenet_wxr-250
  • futurenet_nxr-130\/c
  • futurenet_nxr-650_firmware
  • futurenet_nxr-1200
  • futurenet_nxr-230\/c_firmware
  • futurenet_nxr-350\/c_firmware
  • futurenet_nxr-530_firmware
  • futurenet_nxr-160\/lw_firmware
  • futurenet_nxr-160\/lw
  • futurenet_nxr-g180\/l-ca_firmware
  • futurenet_nxr-1200_firmware
  • futurenet_nxr-530
  • futurenet_vxr-x64
  • futurenet_nxr-g180\/l-ca
  • futurenet_nxr-350\/c
  • futurenet_vxr-x86
  • futurenet_nxr-610x_firmware
  • futurenet_nxr-g100_firmware
  • futurenet_nxr-g120_firmware
  • futurenet_nxr-230\/c
  • futurenet_nxr-g060_firmware
  • futurenet_nxr-125\/cx_firmware
  • futurenet_nxr-g200_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')