#VU94611 Active Debug Code in Century Systems products - CVE-2024-36475


Vulnerability identifier: #VU94611

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36475

CWE-ID: CWE-489

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FutureNet NXR-1300
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-650
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-610X
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-530
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-350/C
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-230/C
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-160/LW
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G200
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G180/L-CA
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G120
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G110
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G100
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G060
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-G050
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet VXR/x64
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet VXR/x86
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-1200
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-130/C
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-155/C
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-125/CX
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet NXR-120/C
Hardware solutions / Routers & switches, VoIP, GSM, etc
FutureNet WXR-250
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Century Systems

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists because debug code is left active in the affected products. A remote administrator can execute arbitrary OS commands on the target system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

FutureNet NXR-1300: 7.4.9

FutureNet NXR-650: 21.16.1

FutureNet NXR-610X: 21.14.11

FutureNet NXR-530: 21.11.13

FutureNet NXR-350/C: 5.30.9

FutureNet NXR-230/C: 5.30.12

FutureNet NXR-160/LW: 21.8.3

FutureNet NXR-G200: 9.12.15

FutureNet NXR-G180/L-CA: 21.7.28B

FutureNet NXR-G120: 21.15.2

FutureNet NXR-G110: 21.7.30C

FutureNet NXR-G100: 6.23.10

FutureNet NXR-G060: 21.15.5

FutureNet NXR-G050: 21.12.9

FutureNet VXR/x64: 21.7.31

FutureNet VXR/x86: 10.1.4

FutureNet NXR-1200: 5.25.21

FutureNet NXR-130/C: 5.13.21

FutureNet NXR-155/C: 5.22.5M

FutureNet NXR-125/CX: 5.25.7H

FutureNet NXR-120/C: 5.25.7H

FutureNet WXR-250: 1.4.7


External links
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
https://jvn.jp/en/vu/JVNVU96424864/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

