[Japanese]

JVNDB-2025-002714

Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers

Overview

FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61).

Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.2 (Medium) [Other]
  • Attack Vector: physics
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Century Systems Co., Ltd.
  • FutureNet NXR series
  • FutureNet VXR series
  • FutureNet WXR series

As for the details of affected product names, models, and versions, refer to the information provided by the developer.
Impact

Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Stop using the products]
According to the developer, some affected products are no longer supported. (See End of life products.)
The developer recommends stop using them and switching to alternatives.

For more information, refer to the information provided by the developer.
Vendor Information

Century Systems Co., Ltd.
CWE (What is CWE?)

  1. UNIX Symbolic Link (Symlink) Following(CWE-61) [Other]
CVE (What is CVE?)

  1. CVE-2025-30485
References

  1. JVN : JVNVU#92821536
Revision History

  • [2025/03/31]
      Web page was published
  • [2025/04/03]
      Title was modified
      Overview was modified
      Affected Products : Products were added
      Solution was modified

Date Public2025/03/28
Date First Published2025/03/31
Date Last Updated2025/04/03