Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-36491
PUBLISHED
More InfoOfficial Page
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
View Known Exploited Vulnerability (KEV) details
Published At-17 Jul, 2024 | 08:50
Updated At-08 Apr, 2025 | 20:43
Rejected At-
▼CVE Numbering Authority (CNA)

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

Affected Products
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-1300 series
Versions
Affected
  • firmware version 7.4.9 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-650
Versions
Affected
  • firmware version 21.16.1 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-610X series
Versions
Affected
  • firmware version 21.14.11 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-530
Versions
Affected
  • firmware version 21.11.13 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-350/C
Versions
Affected
  • firmware version 5.30.9 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-230/C
Versions
Affected
  • firmware version 5.30.12 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-160/LW
Versions
Affected
  • firmware version 21.8.3 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G200 series
Versions
Affected
  • firmware version 9.12.15 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G180/L-CA
Versions
Affected
  • firmware version 21.7.28B and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G120 series
Versions
Affected
  • firmware version 21.15.2 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G110 series
Versions
Affected
  • firmware version 21.7.30C and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G100 series
Versions
Affected
  • firmware version 6.23.10 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G060 series
Versions
Affected
  • firmware version 21.15.5 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-G050 series
Versions
Affected
  • firmware version 21.12.9 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet VXR/x64
Versions
Affected
  • firmware version 21.7.31 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet VXR/x86
Versions
Affected
  • firmware version 10.1.4 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-1200
Versions
Affected
  • firmware version 5.25.21 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-130/C
Versions
Affected
  • firmware version 5.13.21 and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-155/C series
Versions
Affected
  • firmware version 5.22.5M and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-125/CX
Versions
Affected
  • firmware version 5.25.7H and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet NXR-120/C
Versions
Affected
  • firmware version 5.25.7H and earlier
Vendor
Century Systems Co., Ltd.
Product
FutureNet WXR-250
Versions
Affected
  • firmware version 1.4.7 and earlier
Problem Types
TypeCWE IDDescription
textN/AOS command injection
Type: text
CWE ID: N/A
Description: OS command injection
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
N/A
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
N/A
https://jvn.jp/en/vu/JVNVU96424864/
N/A
Hyperlink: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
Resource: N/A
Hyperlink: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU96424864/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
centurysys
Product
futurenet_nxr-1300_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 7.4.9 (custom)
Vendor
centurysys
Product
futurenet_nxr-650_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.16.1 (custom)
Vendor
centurysys
Product
futurenet_nxr-610x_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.14.11 (custom)
Vendor
centurysys
Product
futurenet_nxr-530_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.11.13 (custom)
Vendor
centurysys
Product
futurenet_nxr-350\/c_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.30.9 (custom)
Vendor
centurysys
Product
futurenet_nxr-230\/c_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.30.12 (custom)
Vendor
centurysys
Product
futurenet_nxr-160\/lw_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.8.3 (custom)
Vendor
centurysys
Product
futurenet_nxr-g200_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 9.12.15 (custom)
Vendor
centurysys
Product
futurenet_nxr-g180\/l-ca_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.7.28B (custom)
Vendor
centurysys
Product
futurenet_nxr-g120_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.15.2 (custom)
Vendor
centurysys
Product
futurenet_nxr-g110_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.7.30C (custom)
Vendor
centurysys
Product
futurenet_nxr-g100_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 6.23.10 (custom)
Vendor
centurysys
Product
futurenet_nxr-g060_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.15.5 (custom)
Vendor
centurysys
Product
futurenet_nxr-g050_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.12.9 (custom)
Vendor
centurysys
Product
futurenet_vxr\/x64_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_vxr\/x64_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 21.7.31 (custom)
Vendor
centurysys
Product
futurenet_vxr\/x86_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_vxr\/x86_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 10.1.4 (custom)
Vendor
centurysys
Product
futurenet_nxr-1200_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.25.21 (custom)
Vendor
centurysys
Product
futurenet_nxr-130\/c_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.13.21 (custom)
Vendor
centurysys
Product
futurenet_nxr-155\/c_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.22.5M (custom)
Vendor
centurysys
Product
futurenet_nxr-125\/cx_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.25.7H (custom)
Vendor
centurysys
Product
futurenet_nxr-120\/c_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 5.25.7H (custom)
Vendor
centurysys
Product
futurenet_wxr-250_firmware
CPEs
  • cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.4.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
x_transferred
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
x_transferred
https://jvn.jp/en/vu/JVNVU96424864/
x_transferred
Hyperlink: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
Resource:
x_transferred
Hyperlink: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/vu/JVNVU96424864/
Resource:
x_transferred
Details not found