9.8

CVE-2024-50357

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. However, the REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration enables http-server (GUI), which means the REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.
Linked by AI from unstructured data to existing CPEs in the NVD
Data provided through the CVE Program by Authorized Data Publishers (ADP) (unstructured)
Vendor centurysys
Product futurenet_nxr-g110_firmware
Default Status unknown
Version < 21.15.9
Version 21.15.7
Status affected
Vendor centurysys
Product futurenet_nxr-g060_firmware
Default Status unknown
Version < 21.15.6C1
Version 0
Status affected
Vendor centurysys
Product futurenet_nxr-g050_firmware
Default Status unknown
Version < 21.12.11
Version 21.12.5
Status affected
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.346
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
vultures@jpcert.or.jp 9.8 3.9 5.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-684 Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.