Filtered by vendor Centurysys Subscriptions
Filtered by product Futurenet Nxr-g060 Firmware Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-50357 1 Centurysys 3 Futurenet Nxr-g050 Firmware, Futurenet Nxr-g060 Firmware, Futurenet Nxr-g110 Firmware 2024-12-02 N/A
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.
CVE-2024-36491 1 Centurysys 33 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 30 more 2024-11-21 9.8 Critical
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.
CVE-2024-36475 1 Centurysys 35 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 32 more 2024-11-21 7.2 High
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
CVE-2024-31070 1 Centurysys 31 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 28 more 2024-11-21 9.1 Critical
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.