CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-24846: Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability...

7.5 CVSS

Description

Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.

Classification

CVE ID: CVE-2025-24846

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

Authentication Bypass Using an Alternate Path or Channel

Affected Products

Vendor: Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd.

Product: FutureNet AS-250/S, FutureNet AS-250/F-SC, FutureNet AS-250/F-KO, FutureNet AS-250/NL, FutureNet AS-250/KL, FutureNet AS-250/KL Rev2, FutureNet AS-250/L, FutureNet AS-M250/L, FutureNet AS-M250/KL, FutureNet AS-M250/NL, FutureNet AS-P250/NL, FutureNet AS-P250/KL, FutureNet AS-210/U4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.13% (probability of being exploited)

EPSS Percentile: 29.37% (scored less or equal to compared to others)

EPSS Date: 2025-04-01 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24846
https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html
https://jvn.jp/en/vu/JVNVU96398949/

Timeline