CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2024-36491
https://notcve.org/view.php?id=CVE-2024-36491
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition. • https://jvn.jp/en/vu/JVNVU96424864 https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0CVE-2024-36475
https://notcve.org/view.php?id=CVE-2024-36475
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed. • https://jvn.jp/en/vu/JVNVU96424864 https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html • CWE-489: Active Debug Code •
CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0CVE-2024-31070
https://notcve.org/view.php?id=CVE-2024-31070
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly. • https://jvn.jp/en/vu/JVNVU96424864 https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html • CWE-1188: Initialization of a Resource with an Insecure Default •