CVE-2024-31070

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31070
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU96424864/ Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
History

27 Sep 2024, 17:54

Type Values Removed Values Added
CPE cpe:2.3:o:centurysys:futurenet_nxr-130\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-130\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-530:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-120\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-160\/lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-230\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g180\/l-ca_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-g180\/l-ca:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-120\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-155\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x86:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_vxr-x64:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-1200:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-350\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_wxr-250:-:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-160\/lw:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-350\/c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:centurysys:futurenet_nxr-230\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:centurysys:futurenet_nxr-125\/cx_firmware:*:*:*:*:*:*:*:*
First Time Centurysys
Centurysys futurenet Wxr-250
Centurysys futurenet Nxr-530
Centurysys futurenet Nxr-530 Firmware
Centurysys futurenet Wxr-250 Firmware
Centurysys futurenet Nxr-650 Firmware
Centurysys futurenet Nxr-g200 Firmware
Centurysys futurenet Nxr-1200
Centurysys futurenet Nxr-g120 Firmware
Centurysys futurenet Nxr-g050 Firmware
Centurysys futurenet Nxr-350\/c Firmware
Centurysys futurenet Nxr-130\/c Firmware
Centurysys futurenet Vxr-x64
Centurysys futurenet Nxr-120\/c Firmware
Centurysys futurenet Nxr-g180\/l-ca Firmware
Centurysys futurenet Nxr-130\/c
Centurysys futurenet Nxr-g060 Firmware
Centurysys futurenet Nxr-125\/cx Firmware
Centurysys futurenet Nxr-g100 Firmware
Centurysys futurenet Nxr-350\/c
Centurysys futurenet Nxr-g110 Firmware
Centurysys futurenet Nxr-1200 Firmware
Centurysys futurenet Nxr-g180\/l-ca
Centurysys futurenet Nxr-230\/c Firmware
Centurysys futurenet Nxr-1300 Firmware
Centurysys futurenet Vxr-x86
Centurysys futurenet Nxr-160\/lw
Centurysys futurenet Nxr-120\/c
Centurysys futurenet Nxr-610x Firmware
Centurysys futurenet Nxr-230\/c
Centurysys futurenet Nxr-155\/c Firmware
Centurysys futurenet Nxr-160\/lw Firmware
References () https://jvn.jp/en/vu/JVNVU96424864/ - () https://jvn.jp/en/vu/JVNVU96424864/ - Third Party Advisory
References () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html - Vendor Advisory
References () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - () https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html - Vendor Advisory

01 Aug 2024, 13:50

Type Values Removed Values Added
CWE CWE-1188
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1
Summary
  • (es) La inicialización de un recurso con una vulnerabilidad predeterminada insegura en las series FutureNet NXR, VXR y WXR proporcionadas por Century Systems Co., Ltd. permite a un atacante remoto no autenticado acceder al servicio telnet de forma ilimitada.

17 Jul 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-17 09:15

Updated : 2024-09-27 17:54

NVD link : CVE-2024-31070

Mitre link : CVE-2024-31070

CVE.ORG link : CVE-2024-31070

JSON object : View

Products Affected

centurysys

  • futurenet_wxr-250_firmware
  • futurenet_nxr-g120_firmware
  • futurenet_nxr-530_firmware
  • futurenet_nxr-g110_firmware
  • futurenet_wxr-250
  • futurenet_nxr-130\/c_firmware
  • futurenet_nxr-g050_firmware
  • futurenet_nxr-g180\/l-ca
  • futurenet_nxr-g060_firmware
  • futurenet_nxr-1300_firmware
  • futurenet_nxr-g180\/l-ca_firmware
  • futurenet_nxr-350\/c
  • futurenet_nxr-g100_firmware
  • futurenet_nxr-120\/c_firmware
  • futurenet_nxr-230\/c
  • futurenet_vxr-x86
  • futurenet_nxr-530
  • futurenet_nxr-610x_firmware
  • futurenet_vxr-x64
  • futurenet_nxr-230\/c_firmware
  • futurenet_nxr-350\/c_firmware
  • futurenet_nxr-160\/lw_firmware
  • futurenet_nxr-155\/c_firmware
  • futurenet_nxr-125\/cx_firmware
  • futurenet_nxr-160\/lw
  • futurenet_nxr-g200_firmware
  • futurenet_nxr-120\/c
  • futurenet_nxr-1200_firmware
  • futurenet_nxr-130\/c
  • futurenet_nxr-650_firmware
  • futurenet_nxr-1200
CWE
CWE-1188

Insecure Default Initialization of Resource


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024