CVE-2024-31070

high-risk

Published 2024-07-17

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.

Do I need to act?

2.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Futurenet Nxr-1300 Firmware

Futurenet Nxr-155\/C Firmware

Futurenet Nxr-610X Firmware

Futurenet Nxr-G050 Firmware

Futurenet Nxr-G060 Firmware

Futurenet Nxr-G100 Firmware

Futurenet Nxr-G110 Firmware

Futurenet Nxr-G120 Firmware

Futurenet Nxr-G200 Firmware

Futurenet Vxr-X64

Futurenet Vxr-X86

Futurenet Nxr-160\/Lw Firmware

Futurenet Nxr-230\/C Firmware

Futurenet Nxr-350\/C Firmware

Futurenet Nxr-530 Firmware

Futurenet Nxr-650 Firmware

Futurenet Nxr-G180\/L-Ca Firmware

Futurenet Nxr-130\/C Firmware

Futurenet Nxr-125\/Cx Firmware

Futurenet Nxr-120\/C Firmware

Affected Vendors

Centurysys

References (6)

Third Party Advisory https://jvn.jp/en/vu/JVNVU96424864/

Vendor Advisory https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

Vendor Advisory https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

Third Party Advisory https://jvn.jp/en/vu/JVNVU96424864/

Vendor Advisory https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

Vendor Advisory https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 5/34 · Minimal

Exposure 20/34 · Moderate