CVE-2024-31070 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-31070 PUBLISHED CVSS 9.800000190734863 CRITICAL

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070 * Active Debug Code (CWE-489) - CVE-2024-36475 * OS Command Injection (CWE-78) - CVE-2024-36491 * Buffer Overflow (CWE-120) - CVE-2020-10188 The product uses previous versions of netkit-telnet which contains a known vulnerability. CVE-2024-31070, CVE-2024-36475 Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-36491, CVE-2020-10188 Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

EPSS 2.07% · 83.8th percentile

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.07%

83.8th percentile

Affected Products

Vendor	Product	Versions
Century Systems Co., Ltd.	FutureNet NXR-G120 series
Century Systems Co., Ltd.	FutureNet NXR-125/CX
Century Systems Co., Ltd.	FutureNet NXR-610X series
Century Systems Co., Ltd.	FutureNet NXR-G200 series
Century Systems Co., Ltd.	FutureNet VXR/x64
Century Systems Co., Ltd.	FutureNet NXR-350/C
Century Systems Co., Ltd.	FutureNet NXR-230/C
Century Systems Co., Ltd.	FutureNet NXR-G110 series
Century Systems Co., Ltd.	FutureNet WXR-250
Century Systems Co., Ltd.	FutureNet NXR-530
Century Systems Co., Ltd.	FutureNet NXR-650
Century Systems Co., Ltd.	FutureNet NXR-G060 series
Century Systems Co., Ltd.	FutureNet NXR-1200
Century Systems Co., Ltd.	FutureNet NXR-160/LW
Century Systems Co., Ltd.	FutureNet VXR/x86
Century Systems Co., Ltd.	FutureNet NXR-1300 series
Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA
Century Systems Co., Ltd.	FutureNet NXR-155/C series
Century Systems Co., Ltd.	FutureNet NXR-G050 series
Century Systems Co., Ltd.	FutureNet NXR-G100 series

…and 2 more

Timeline

Jul 17, 2024 CVE Published
Jul 18, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 8, 2024 EPSS Score
Sep 20, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 11, 2024 EPSS Score
Nov 1, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Jan 4, 2025 EPSS Score
Jan 26, 2025 EPSS Score
Feb 16, 2025 EPSS Score

References

https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-004595.html advisory

Open in Interactive Console →