Description
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Reserved 2024-06-06 | Published 2024-07-17 | Updated 2025-04-08 | Assigner
jpcertProblem types
OS command injection
Product status
firmware version 7.4.9 and earlier
affected
firmware version 21.16.1 and earlier
affected
firmware version 21.14.11 and earlier
affected
firmware version 21.11.13 and earlier
affected
firmware version 5.30.9 and earlier
affected
firmware version 5.30.12 and earlier
affected
firmware version 21.8.3 and earlier
affected
firmware version 9.12.15 and earlier
affected
firmware version 21.7.28B and earlier
affected
firmware version 21.15.2 and earlier
affected
firmware version 21.7.30C and earlier
affected
firmware version 6.23.10 and earlier
affected
firmware version 21.15.5 and earlier
affected
firmware version 21.12.9 and earlier
affected
firmware version 21.7.31 and earlier
affected
firmware version 10.1.4 and earlier
affected
firmware version 5.25.21 and earlier
affected
firmware version 5.13.21 and earlier
affected
firmware version 5.22.5M and earlier
affected
firmware version 5.25.7H and earlier
affected
firmware version 5.25.7H and earlier
affected
firmware version 1.4.7 and earlier
affected
References
www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
jvn.jp/en/vu/JVNVU96424864/
cve.org (CVE-2024-36491)
nvd.nist.gov (CVE-2024-36491)
Download JSON
