CVE-2024-50357
NONE EPSS 42.1%
Published Nov 29, 20241y ago · Modified Jun 17, 20262w ago
Published Nov 29, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.
Threat Intelligence
EPSS Exploit Probability
42.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-684
References 2
- jvn.jp https://jvn.jp/en/vu/JVNVU95001899/
- centurysys.co.jp https://www.centurysys.co.jp/backnumber/nxr_common/20241031-01.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.