CVE-2024-36491: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS...
Description
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Classification
CVE ID: CVE-2024-36491
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
Problem Types
OS command injectionAffected Products
Vendor: Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd.
Product: FutureNet NXR-1300 series, FutureNet NXR-650, FutureNet NXR-610X series, FutureNet NXR-530, FutureNet NXR-350/C, FutureNet NXR-230/C, FutureNet NXR-160/LW, FutureNet NXR-G200 series, FutureNet NXR-G180/L-CA, FutureNet NXR-G120 series, FutureNet NXR-G110 series, FutureNet NXR-G100 series, FutureNet NXR-G060 series, FutureNet NXR-G050 series, FutureNet VXR/x64, FutureNet VXR/x86, FutureNet NXR-1200, FutureNet NXR-130/C, FutureNet NXR-155/C series, FutureNet NXR-125/CX, FutureNet NXR-120/C, FutureNet WXR-250
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.75% (probability of being exploited)
EPSS Percentile: 70.82% (scored less or equal to compared to others)
EPSS Date: 2025-04-07 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: true