Description
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
Reserved 2024-06-06 | Published 2024-07-17 | Updated 2024-08-02 | Assigner
jpcertProblem types
Active debug code
Product status
firmware version 7.4.9 and earlier
affected
firmware version 21.16.1 and earlier
affected
firmware version 21.14.11 and earlier
affected
firmware version 21.11.13 and earlier
affected
firmware version 5.30.9 and earlier
affected
firmware version 5.30.12 and earlier
affected
firmware version 21.8.3 and earlier
affected
firmware version 9.12.15 and earlier
affected
firmware version 21.7.28B and earlier
affected
firmware version 21.15.2 and earlier
affected
firmware version 21.7.30C and earlier
affected
firmware version 6.23.10 and earlier
affected
firmware version 21.15.5 and earlier
affected
firmware version 21.12.9 and earlier
affected
firmware version 21.7.31 and earlier
affected
firmware version 10.1.4 and earlier
affected
firmware version 5.25.21 and earlier
affected
firmware version 5.13.21 and earlier
affected
firmware version 5.22.5M and earlier
affected
firmware version 5.25.7H and earlier
affected
firmware version 5.25.7H and earlier
affected
firmware version 1.4.7 and earlier
affected
References
www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
jvn.jp/en/vu/JVNVU96424864/
cve.org (CVE-2024-36475)
nvd.nist.gov (CVE-2024-36475)
Download JSON
Subscribe to our newsletter to learn more about our work.
