MidnightBSD

Advisories for centurysys

CVE-2024-31070

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.

Products Affected

Vendor Product Version
centurysys futurenet_nxr-g120_firmware *
centurysys futurenet_nxr-g050_firmware *
centurysys futurenet_nxr-160/lw_firmware *
centurysys futurenet_wxr-250_firmware *
centurysys futurenet_nxr-g180/l-ca_firmware *
centurysys futurenet_vxr-x64 *
centurysys futurenet_nxr-230/c_firmware *
centurysys futurenet_nxr-610x_firmware *
centurysys futurenet_nxr-g200_firmware *
centurysys futurenet_vxr-x86 *
centurysys futurenet_nxr-650_firmware *
centurysys futurenet_nxr-120/c_firmware *
centurysys futurenet_nxr-350/c_firmware *
centurysys futurenet_nxr-530_firmware *
centurysys futurenet_nxr-125/cx_firmware *
centurysys futurenet_nxr-130/c_firmware *
centurysys futurenet_nxr-1300_firmware *
centurysys futurenet_nxr-g060_firmware *
centurysys futurenet_nxr-1200_firmware *
centurysys futurenet_nxr-g110_firmware *
centurysys futurenet_nxr-155/c_firmware *
centurysys futurenet_nxr-g100_firmware *
CVE-2024-36475

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

Products Affected

Vendor Product Version
centurysys futurenet_nxr-g120_firmware *
centurysys futurenet_nxr-g050_firmware *
centurysys futurenet_nxr-160/lw_firmware *
centurysys futurenet_wxr-250_firmware *
centurysys futurenet_nxr-g180/l-ca_firmware *
centurysys futurenet_vxr-x64 *
centurysys futurenet_nxr-230/c_firmware *
centurysys futurenet_nxr-610x_firmware *
centurysys futurenet_nxr-g200_firmware *
centurysys futurenet_vxr-x86 *
centurysys futurenet_nxr-650_firmware *
centurysys futurenet_nxr-120/c_firmware *
centurysys futurenet_nxr-350/c_firmware *
centurysys futurenet_nxr-530_firmware *
centurysys futurenet_nxr-125/cx_firmware *
centurysys futurenet_nxr-130/c_firmware *
centurysys futurenet_nxr-1300_firmware *
centurysys futurenet_nxr-g060_firmware *
centurysys futurenet_nxr-1200_firmware *
centurysys futurenet_nxr-g110_firmware *
centurysys futurenet_nxr-155/c_firmware *
centurysys futurenet_nxr-g100_firmware *
CVE-2024-36491

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.

Products Affected

Vendor Product Version
centurysys futurenet_nxr-g120_firmware *
centurysys futurenet_nxr-g050_firmware *
centurysys futurenet_nxr-160/lw_firmware *
centurysys futurenet_wxr-250_firmware *
centurysys futurenet_nxr-g180/l-ca_firmware *
centurysys futurenet_vxr-x64 *
centurysys futurenet_nxr-230/c_firmware *
centurysys futurenet_nxr-610x_firmware *
centurysys futurenet_nxr-g200_firmware *
centurysys futurenet_vxr-x86 *
centurysys futurenet_nxr-650_firmware *
centurysys futurenet_nxr-120/c_firmware *
centurysys futurenet_nxr-350/c_firmware *
centurysys futurenet_nxr-530_firmware *
centurysys futurenet_nxr-125/cx_firmware *
centurysys futurenet_nxr-130/c_firmware *
centurysys futurenet_nxr-1300_firmware *
centurysys futurenet_nxr-g060_firmware *
centurysys futurenet_nxr-1200_firmware *
centurysys futurenet_nxr-g110_firmware *
centurysys futurenet_nxr-155/c_firmware *
centurysys futurenet_nxr-g100_firmware *