CVE-2024-36475 — HIGH (8.8)

Q: How severe is CVE-2024-36475?

CVE-2024-36475 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-36475?

Check the references section above for vendor advisories and patch information. Affected products include: Centurysys Futurenet Nxr-1300 Firmware, Centurysys Futurenet Nxr-155\/C Firmware, Centurysys Futurenet Nxr-610X Firmware, Centurysys Futurenet Nxr-G050 Firmware, Centurysys Futurenet Nxr-G060 Firmware.

Vulnerability Description

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Centurysys	Futurenet Nxr-1300 Firmware	< 7.4.10
Centurysys	Futurenet Nxr-155\/C Firmware	All versions
Centurysys	Futurenet Nxr-610X Firmware	< 21.14.11c
Centurysys	Futurenet Nxr-G050 Firmware	< 21.12.10
Centurysys	Futurenet Nxr-G060 Firmware	< 21.15.6
Centurysys	Futurenet Nxr-G100 Firmware	< 6.23.11
Centurysys	Futurenet Nxr-G110 Firmware	< 21.7.32
Centurysys	Futurenet Nxr-G120 Firmware	< 21.15.2c
Centurysys	Futurenet Nxr-G200 Firmware	< 9.12.16
Centurysys	Futurenet Vxr-X64	< 21.7.32
Centurysys	Futurenet Vxr-X86	< 10.1.5
Centurysys	Futurenet Nxr-160\/Lw Firmware	< 21.8.4
Centurysys	Futurenet Nxr-160\/Lw	-
Centurysys	Futurenet Nxr-230\/C Firmware	< 5.30.13
Centurysys	Futurenet Nxr-230\/C	-
Centurysys	Futurenet Nxr-350\/C Firmware	< 5.30.9c
Centurysys	Futurenet Nxr-350\/C	-
Centurysys	Futurenet Nxr-530 Firmware	< 21.11.14
Centurysys	Futurenet Nxr-530	-
Centurysys	Futurenet Nxr-650 Firmware	< 21.16.2

Related Weaknesses (CWE)

CWE-489 CWE-78

References

https://jvn.jp/en/vu/JVNVU96424864/Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.htmlVendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.htmlVendor Advisory
https://jvn.jp/en/vu/JVNVU96424864/Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.htmlVendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.htmlVendor Advisory

FAQ

What is CVE-2024-36475?

CVE-2024-36475 is a vulnerability with a CVSS score of 8.8 (HIGH). FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the produ...

How severe is CVE-2024-36475?

CVE-2024-36475 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-36475?

Check the references section above for vendor advisories and patch information. Affected products include: Centurysys Futurenet Nxr-1300 Firmware, Centurysys Futurenet Nxr-155\/C Firmware, Centurysys Futurenet Nxr-610X Firmware, Centurysys Futurenet Nxr-G050 Firmware, Centurysys Futurenet Nxr-G060 Firmware.