CVE-2024-31070

CRITICAL EPSS 50.3%
Published Jul 17, 20241y ago · Modified Jun 17, 20262w ago
9.1 CVSS 3.1
Critical
Find Similar
Published Jul 17, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.

CVSS Details

Base Score
9.1
Exploitability
3.9
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
50.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-1188

Affected Products 33

VendorProductVersionRange
centurysysfuturenet_nxr-1300_firmware* <7.4.10
centurysysfuturenet_nxr-155\/c_firmware*any
centurysysfuturenet_nxr-610x_firmware* <21.14.11c
centurysysfuturenet_nxr-g050_firmware* <21.12.10
centurysysfuturenet_nxr-g060_firmware* <21.15.6
centurysysfuturenet_nxr-g100_firmware* <6.23.11
centurysysfuturenet_nxr-g110_firmware* <21.7.32
centurysysfuturenet_nxr-g120_firmware* <21.15.2c
centurysysfuturenet_nxr-g200_firmware* <9.12.16
centurysysfuturenet_vxr-x64* <21.7.32
centurysysfuturenet_vxr-x86* <10.1.5
centurysysfuturenet_nxr-160\/lw_firmware* <21.8.4
centurysysfuturenet_nxr-160\/lw*any
centurysysfuturenet_nxr-230\/c_firmware* <5.30.13
centurysysfuturenet_nxr-230\/c*any
centurysysfuturenet_nxr-350\/c_firmware* <5.30.9c
centurysysfuturenet_nxr-350\/c*any
centurysysfuturenet_nxr-530_firmware* <21.11.14
centurysysfuturenet_nxr-530*any
centurysysfuturenet_nxr-650_firmware* <21.16.2
centurysysfuturenet_nxr-650_firmware*any
centurysysfuturenet_nxr-g180\/l-ca_firmware* <21.7.28c
centurysysfuturenet_nxr-g180\/l-ca*any
centurysysfuturenet_nxr-130\/c_firmware*any
centurysysfuturenet_nxr-130\/c*any
centurysysfuturenet_nxr-125\/cx_firmware*any
centurysysfuturenet_nxr-125\/cx_firmware*any
centurysysfuturenet_nxr-120\/c_firmware*any
centurysysfuturenet_nxr-120\/c*any
centurysysfuturenet_wxr-250_firmware*any
centurysysfuturenet_wxr-250*any
centurysysfuturenet_nxr-1200_firmware*any
centurysysfuturenet_nxr-1200*any

References 3

  • jvn.jp https://jvn.jp/en/vu/JVNVU96424864/
    Third Party Advisory
  • centurysys.co.jp https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html
    Vendor Advisory
  • centurysys.co.jp https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.