CVE-2025-24846: Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability...
Description
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
Classification
CVE ID: CVE-2025-24846
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Problem Types
Authentication Bypass Using an Alternate Path or ChannelAffected Products
Vendor: Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd.
Product: FutureNet AS-250/S, FutureNet AS-250/F-SC, FutureNet AS-250/F-KO, FutureNet AS-250/NL, FutureNet AS-250/KL, FutureNet AS-250/KL Rev2, FutureNet AS-250/L, FutureNet AS-M250/L, FutureNet AS-M250/KL, FutureNet AS-M250/NL, FutureNet AS-P250/NL, FutureNet AS-P250/KL, FutureNet AS-210/U4
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.13% (probability of being exploited)
EPSS Percentile: 29.37% (scored less or equal to compared to others)
EPSS Date: 2025-04-01 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24846https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html
https://jvn.jp/en/vu/JVNVU96398949/