CVE-2024-50357

NONE EPSS 42.1%
Published Nov 29, 20241y ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 29, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.

Threat Intelligence

EPSS Exploit Probability
42.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-684

References 2

  • jvn.jp https://jvn.jp/en/vu/JVNVU95001899/
  • centurysys.co.jp https://www.centurysys.co.jp/backnumber/nxr_common/20241031-01.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.