CVE-2024-36491 — CRITICAL (9.8)

Q: How severe is CVE-2024-36491?

CVE-2024-36491 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-36491?

Check the references section above for vendor advisories and patch information. Affected products include: Centurysys Futurenet Nxr-1300 Firmware, Centurysys Futurenet Nxr-155\/C Firmware, Centurysys Futurenet Nxr-610X Firmware, Centurysys Futurenet Nxr-G050 Firmware, Centurysys Futurenet Nxr-G060 Firmware.

Vulnerability Description

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Centurysys	Futurenet Nxr-1300 Firmware	< 7.4.10
Centurysys	Futurenet Nxr-155\/C Firmware	All versions
Centurysys	Futurenet Nxr-610X Firmware	< 21.14.11c
Centurysys	Futurenet Nxr-G050 Firmware	< 21.12.10
Centurysys	Futurenet Nxr-G060 Firmware	< 21.15.6
Centurysys	Futurenet Nxr-G100 Firmware	< 6.23.11
Centurysys	Futurenet Nxr-G110 Firmware	< 21.7.32
Centurysys	Futurenet Nxr-G120 Firmware	< 21.15.2c
Centurysys	Futurenet Nxr-G200 Firmware	< 9.12.16
Centurysys	Futurenet Vxr-X64	< 21.7.32
Centurysys	Futurenet Vxr-X86	< 10.1.5
Centurysys	Futurenet Nxr-160\/Lw Firmware	< 21.8.4
Centurysys	Futurenet Nxr-160\/Lw	-
Centurysys	Futurenet Nxr-230\/C Firmware	< 5.30.13
Centurysys	Futurenet Nxr-230\/C	-
Centurysys	Futurenet Nxr-350\/C Firmware	< 5.30.9c
Centurysys	Futurenet Nxr-350\/C	-
Centurysys	Futurenet Nxr-530 Firmware	< 21.11.14
Centurysys	Futurenet Nxr-530	-
Centurysys	Futurenet Nxr-650 Firmware	< 21.16.2

Related Weaknesses (CWE)

CWE-78

References

https://jvn.jp/en/vu/JVNVU96424864/Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.htmlVendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.htmlVendor Advisory
https://jvn.jp/en/vu/JVNVU96424864/Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.htmlVendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.htmlVendor Advisory

FAQ

What is CVE-2024-36491?

CVE-2024-36491 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and ca...

How severe is CVE-2024-36491?

CVE-2024-36491 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-36491?

Check the references section above for vendor advisories and patch information. Affected products include: Centurysys Futurenet Nxr-1300 Firmware, Centurysys Futurenet Nxr-155\/C Firmware, Centurysys Futurenet Nxr-610X Firmware, Centurysys Futurenet Nxr-G050 Firmware, Centurysys Futurenet Nxr-G060 Firmware.