3 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition. • https://jvn.jp/en/vu/JVNVU96424864 https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed. • https://jvn.jp/en/vu/JVNVU96424864 https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html • CWE-489: Active Debug Code •

CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly. • https://jvn.jp/en/vu/JVNVU96424864 https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html • CWE-1188: Initialization of a Resource with an Insecure Default •