ГлавнаяУязвимости → CVE-2024-36475
8.8высокая

CVE-2024-36475

Описание

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

Затрагиваемое ПО
Centurysys Futurenet nxr-1300 firmwareCenturysys Futurenet nxr-155\/c firmwareCenturysys Futurenet nxr-610x firmwareCenturysys Futurenet nxr-g050 firmwareCenturysys Futurenet nxr-g060 firmwareCenturysys Futurenet nxr-g100 firmwareCenturysys Futurenet nxr-g110 firmwareCenturysys Futurenet nxr-g120 firmwareCenturysys Futurenet nxr-g200 firmwareCenturysys Futurenet vxr-x64Centurysys Futurenet vxr-x86Centurysys Futurenet nxr-160\/lw firmwareCenturysys Futurenet nxr-160\/lwCenturysys Futurenet nxr-230\/c firmwareCenturysys Futurenet nxr-230\/cCenturysys Futurenet nxr-350\/c firmwareCenturysys Futurenet nxr-350\/cCenturysys Futurenet nxr-530 firmwareCenturysys Futurenet nxr-530Centurysys Futurenet nxr-650 firmwareCenturysys Futurenet nxr-650Centurysys Futurenet nxr-g180\/l-ca firmwareCenturysys Futurenet nxr-g180\/l-caCenturysys Futurenet nxr-130\/c firmwareCenturysys Futurenet nxr-130\/c
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://jvn.jp/en/vu/JVNVU96424864/https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.htmlhttps://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.htmlhttps://jvn.jp/en/vu/JVNVU96424864/https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.htmlhttps://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html