JVNDB-2024-004595

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Overview

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain the multiple vulnerabilities listed below.
* Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070
* Active Debug Code (CWE-489) - CVE-2024-36475
* OS Command Injection (CWE-78) - CVE-2024-36491
* Buffer Overflow (CWE-120) - CVE-2020-10188
  The product uses a previous version of netkit-telnet, which contains a known vulnerability.

CVE-2024-31070, CVE-2024-36475
Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVE-2024-36491, CVE-2020-10188
Century Systems Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics:9.8 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-31070


CVSS V3 Severity:
Base Metrics:9.8 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-36491


CVSS V3 Severity:
Base Metrics:9.8 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2020-10188


CVSS V3 Severity:
Base Metrics:7.2 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-36475

Affected Products


Century Systems Co., Ltd.
  • FutureNet NXR-120/C firmware version 5.25.7H and earlier
  • FutureNet NXR-1200 firmware version 5.25.21 and earlier
  • FutureNet NXR-125/CX firmware version 5.25.7H and earlier
  • FutureNet NXR-130/C firmware version 5.13.21 and earlier
  • FutureNet NXR-1300 series firmware version 7.4.9 and earlier
  • FutureNet NXR-155/C series firmware version 5.22.5M and earlier
  • FutureNet NXR-160/LW firmware version 21.8.3 and earlier
  • FutureNet NXR-230/C firmware version 5.30.12 and earlier
  • FutureNet NXR-350/C firmware version 5.30.9 and earlier
  • FutureNet NXR-530 firmware version 21.11.13 and earlier
  • FutureNet NXR-610X series firmware version 21.14.11 and earlier
  • FutureNet NXR-650 firmware version 21.16.1 and earlier
  • FutureNet NXR-G050 series firmware version 21.12.9 and earlier
  • FutureNet NXR-G060 series firmware version 21.15.5 and earlier
  • FutureNet NXR-G100 series firmware version 6.23.10 and earlier
  • FutureNet NXR-G110 series firmware version 21.7.30C and earlier
  • FutureNet NXR-G120 series firmware version 21.15.2 and earlier
  • FutureNet NXR-G180/L-CA firmware version 21.7.28B and earlier
  • FutureNet NXR-G200 series firmware version 9.12.15 and earlier
  • FutureNet VXR/x64 firmware version 21.7.31 and earlier
  • FutureNet VXR/x86 firmware version 10.1.4 and earlier
  • FutureNet WXR-250 firmware version 1.4.7 and earlier

Impact

* An unauthenticated attacker may access the telnet service without restriction (CVE-2024-31070)
* If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed (CVE-2024-36475)
* A remote attacker may execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial of service (DoS) condition (CVE-2024-36491, CVE-2020-10188)

Solution

CVE-2024-31070
If the product is used with default settings, the developer recommends disabling telnet and enabling SSH by using the CLI command.
According to the developer, telnet is disabled and SSH is enabled by default in the firmware versions released after June 28, 2024.

CVE-2024-36475, CVE-2024-36491, CVE-2020-10188
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Stop using the products]
According to the developer, some affected products are no longer supported.
(See: End of life products (in Japanese).)
The developer recommends that users stop using them and switch to alternatives.

For more information, refer to the information provided by the developer.

Vendor Information

Century Systems Co., Ltd.

CWE

  1. Insecure Default Initialization of Resource (CWE-1188) [Other]
  2. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120) [Other]
  3. Active Debug Code (CWE-489) [Other]
  4. OS Command Injection (CWE-78) [Other]

CVE

  1. CVE-2024-31070
  2. CVE-2024-36475
  3. CVE-2024-36491
  4. CVE-2020-10188

References

  1. JVN : JVNVU#96424864

Revision History

  • [2024/07/25]
      Web page was published