cbcvebase.

Century Systems Co Ltd Futurenet Nxr-G050 Series vulnerabilities

5 known vulnerabilities affecting century_systems_co_ltd/futurenet_nxr-g050_series.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-31070P2CRITICALCVSS 9.1vfirmware version 21.12.9 and earlier2024-07-17
CVE-2024-31070 [CRITICAL] CWE-1188 CVE-2024-31070: Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR ser Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
nvd
CVE-2024-50357P2CRITICALCVSS 9.8vfirmware versions 21.12.5 and later but prior to 21.12.112024-11-29
CVE-2024-50357 [CRITICAL] CWE-684 CVE-2024-50357: FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configu FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration ma
nvd
CVE-2024-36475P3HIGHCVSS 8.8vfirmware version 21.12.9 and earlier2024-07-17
CVE-2024-36475 [HIGH] CWE-78 CVE-2024-36475: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an act FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
nvd
CVE-2024-36491P3CRITICALCVSS 9.8vfirmware version 21.12.9 and earlier2024-07-17
CVE-2024-36491 [CRITICAL] CWE-78 CVE-2024-36491: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an admin FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
nvd
CVE-2025-30485P4MEDIUMCVSS 6.2vfirmware version 21.12.11 and earlier2025-04-03
CVE-2025-30485 [MEDIUM] CWE-61 CVE-2025-30485: UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR seri UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
nvd
Century Systems Co Ltd Futurenet Nxr-G050 Series vulnerabilities | cvebase