{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-36491","assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","state":"PUBLISHED","assignerShortName":"jpcert","dateReserved":"2024-06-06T06:08:01.273Z","datePublished":"2024-07-17T08:50:11.777Z","dateUpdated":"2025-04-08T20:43:36.698Z"},"containers":{"cna":{"affected":[{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-1300 series","versions":[{"version":"firmware version 7.4.9 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-650","versions":[{"version":"firmware version 21.16.1 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-610X series","versions":[{"version":"firmware version 21.14.11 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-530","versions":[{"version":"firmware version 21.11.13 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-350/C","versions":[{"version":"firmware version 5.30.9 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-230/C","versions":[{"version":"firmware version 5.30.12 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-160/LW","versions":[{"version":"firmware version 21.8.3 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G200 series","versions":[{"version":"firmware version 9.12.15 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G180/L-CA","versions":[{"version":"firmware version 21.7.28B and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G120 series","versions":[{"version":"firmware version 21.15.2 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G110 series","versions":[{"version":"firmware version 21.7.30C and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G100 series","versions":[{"version":"firmware version 6.23.10 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G060 series","versions":[{"version":"firmware version 21.15.5 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-G050 series","versions":[{"version":"firmware version 21.12.9 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet VXR/x64","versions":[{"version":"firmware version 21.7.31 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet VXR/x86","versions":[{"version":"firmware version 10.1.4 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-1200","versions":[{"version":"firmware version 5.25.21 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-130/C","versions":[{"version":"firmware version 5.13.21 and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-155/C series","versions":[{"version":"firmware version 5.22.5M and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-125/CX","versions":[{"version":"firmware version 5.25.7H and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet NXR-120/C","versions":[{"version":"firmware version 5.25.7H and earlier","status":"affected"}]},{"vendor":"Century Systems Co., Ltd.","product":"FutureNet WXR-250","versions":[{"version":"firmware version 1.4.7 and earlier","status":"affected"}]}],"descriptions":[{"lang":"en","value":"FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition."}],"problemTypes":[{"descriptions":[{"description":"OS command injection","lang":"en-US","type":"text"}]}],"references":[{"url":"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html"},{"url":"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html"},{"url":"https://jvn.jp/en/vu/JVNVU96424864/"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2025-04-01T04:45:52.077Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}],"affected":[{"vendor":"centurysys","product":"futurenet_nxr-1300_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-1300_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"7.4.9","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-650_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-650_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.16.1","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-610x_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-610x_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.14.11","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-530_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-530_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.11.13","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-350\\/c_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-350\\/c_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.30.9","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-230\\/c_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-230\\/c_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.30.12","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-160\\/lw_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-160\\/lw_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.8.3","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g200_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g200_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"9.12.15","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g180\\/l-ca_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g180\\/l-ca_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.7.28B","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g120_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g120_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.15.2","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g110_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g110_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.7.30C","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g100_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g100_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"6.23.10","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g060_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g060_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.15.5","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-g050_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-g050_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.12.9","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_vxr\\/x64_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_vxr\\/x64_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"21.7.31","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_vxr\\/x86_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_vxr\\/x86_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"10.1.4","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-1200_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-1200_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.25.21","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-130\\/c_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-130\\/c_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.13.21","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-155\\/c_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-155\\/c_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.22.5M","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-125\\/cx_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-125\\/cx_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.25.7H","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_nxr-120\\/c_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_nxr-120\\/c_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.25.7H","versionType":"custom"}]},{"vendor":"centurysys","product":"futurenet_wxr-250_firmware","cpes":["cpe:2.3:o:centurysys:futurenet_wxr-250_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"1.4.7","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-07-25T19:34:01.135233Z","id":"CVE-2024-36491","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-08T20:43:36.698Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:37:05.269Z"},"title":"CVE Program Container","references":[{"url":"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html","tags":["x_transferred"]},{"url":"https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html","tags":["x_transferred"]},{"url":"https://jvn.jp/en/vu/JVNVU96424864/","tags":["x_transferred"]}]}]}}