CVE-2024-36491

Description

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.

Reserved 2024-06-06 | Published 2024-07-17 | Updated 2024-08-02 | Assigner jpcert

Problem types

OS command injection

Product status

firmware version 7.4.9 and earlier
affected

firmware version 21.16.1 and earlier
affected

firmware version 21.14.11 and earlier
affected

firmware version 21.11.13 and earlier
affected

firmware version 5.30.9 and earlier
affected

firmware version 5.30.12 and earlier
affected

firmware version 21.8.3 and earlier
affected

firmware version 9.12.15 and earlier
affected

firmware version 21.7.28B and earlier
affected

firmware version 21.15.2 and earlier
affected

firmware version 21.7.30C and earlier
affected

firmware version 6.23.10 and earlier
affected

firmware version 21.15.5 and earlier
affected

firmware version 21.12.9 and earlier
affected

firmware version 21.7.31 and earlier
affected

firmware version 10.1.4 and earlier
affected

firmware version 5.25.21 and earlier
affected

firmware version 5.13.21 and earlier
affected

firmware version 5.22.5M and earlier
affected

firmware version 5.25.7H and earlier
affected

firmware version 5.25.7H and earlier
affected

firmware version 1.4.7 and earlier
affected

References

www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

jvn.jp/en/vu/JVNVU96424864/

cve.org (CVE-2024-36491)

nvd.nist.gov (CVE-2024-36491)

Download JSON