CVE-2024-36475

EPSS 0.51%
Veröffentlicht 17.07.2024 09:15:03
Zuletzt bearbeitet 21.11.2024 09:22:15
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Centurysys ≫ Futurenet Nxr-1300 Firmware Version < 7.4.10

Centurysys ≫ Futurenet Nxr-155/c Firmware

Centurysys ≫ Futurenet Nxr-610x Firmware Version < 21.14.11c

Centurysys ≫ Futurenet Nxr-g050 Firmware Version < 21.12.10

Centurysys ≫ Futurenet Nxr-g060 Firmware Version < 21.15.6

Centurysys ≫ Futurenet Nxr-g100 Firmware Version < 6.23.11

Centurysys ≫ Futurenet Nxr-g110 Firmware Version < 21.7.32

Centurysys ≫ Futurenet Nxr-g120 Firmware Version < 21.15.2c

Centurysys ≫ Futurenet Nxr-g200 Firmware Version < 9.12.16

Centurysys ≫ Futurenet Vxr-x64 Version < 21.7.32

Centurysys ≫ Futurenet Vxr-x86 Version < 10.1.5

Centurysys ≫ Futurenet Nxr-160/lw Firmware Version < 21.8.4

Centurysys ≫ Futurenet Nxr-160/lw Version-

Centurysys ≫ Futurenet Nxr-230/c Firmware Version < 5.30.13

Centurysys ≫ Futurenet Nxr-230/c Version-

Centurysys ≫ Futurenet Nxr-350/c Firmware Version < 5.30.9c

Centurysys ≫ Futurenet Nxr-350/c Version-

Centurysys ≫ Futurenet Nxr-530 Firmware Version < 21.11.14

Centurysys ≫ Futurenet Nxr-530 Version-

Centurysys ≫ Futurenet Nxr-650 Firmware Version < 21.16.2

Centurysys ≫ Futurenet Nxr-650 Version-

Centurysys ≫ Futurenet Nxr-g180/l-ca Firmware Version < 21.7.28c

Centurysys ≫ Futurenet Nxr-g180/l-ca Version-

Centurysys ≫ Futurenet Nxr-130/c Firmware

Centurysys ≫ Futurenet Nxr-130/c Version-

Centurysys ≫ Futurenet Nxr-125/cx Firmware

Centurysys ≫ Futurenet Nxr-125/cx Version-

Centurysys ≫ Futurenet Nxr-120/c Firmware

Centurysys ≫ Futurenet Nxr-120/c Version-

Centurysys ≫ Futurenet Wxr-250 Firmware

Centurysys ≫ Futurenet Wxr-250 Version-

Centurysys ≫ Futurenet Nxr-1200 Firmware

Centurysys ≫ Futurenet Nxr-1200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.654

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://jvn.jp/en/vu/JVNVU96424864/

Third Party Advisory

https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

Vendor Advisory

https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-36475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36475

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-36475