CVE-2024-31070
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD
Description
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
Affected (21)
Products: Centurysys: Futurenet Nxr 1300 Firmware, Futurenet Nxr 155/c Firmware, Futurenet Nxr 610x Firmware, Futurenet Nxr G050 Firmware, Futurenet Nxr G060 Firmware, Futurenet Nxr G100 Firmware, Futurenet Nxr G110 Firmware, Futurenet Nxr G120 Firmware, Futurenet Nxr G200 Firmware, Futurenet Vxr X64, Futurenet Vxr X86, Futurenet Nxr 160/lw Firmware, Futurenet Nxr 230/c Firmware, Futurenet Nxr 350/c Firmware, Futurenet Nxr 530 Firmware, Futurenet Nxr 650 Firmware, Futurenet Nxr G180/l Ca Firmware, Futurenet Nxr 130/c Firmware, Futurenet Nxr 120/c Firmware, Futurenet Wxr 250 Firmware, Futurenet Nxr 1200 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.4.10 | |
| All versions | |
| Before 21.14.11c | |
| Before 21.12.10 | |
| Before 21.15.6 | |
| Before 6.23.11 | |
| Before 21.7.32 | |
| Before 21.15.2c | |
| Before 9.12.16 | |
| Before 21.7.32 | |
| Before 10.1.5 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 21.8.4 |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 160/lw | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.30.13 |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 230/c | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.30.9c |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 350/c | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 21.11.14 |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 530 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 21.16.2 |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 650 Firmware | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 21.7.28c |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr G180/l Ca | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 130/c | All versions |
Configuration I
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 125/cx Firmware | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 120/c | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Wxr 250 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Centurysys Futurenet Nxr 1200 | All versions |
References (6)
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.