Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
CVE ID: CVE-2025-24846
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor: Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd.
Product: FutureNet AS-250/S, FutureNet AS-250/F-SC, FutureNet AS-250/F-KO, FutureNet AS-250/NL, FutureNet AS-250/KL, FutureNet AS-250/KL Rev2, FutureNet AS-250/L, FutureNet AS-M250/L, FutureNet AS-M250/KL, FutureNet AS-M250/NL, FutureNet AS-P250/NL, FutureNet AS-P250/KL, FutureNet AS-210/U4
EPSS Score: 0.13% (probability of being exploited)
EPSS Percentile: 29.37% (scored less or equal to compared to others)
EPSS Date: 2025-04-01 (when was this score calculated)