CVE-2024-36491

CRITICAL
Published Jul 17, 2024 Modified Apr 1, 2025 CWE-78

Description

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

Is your site exposed to CVE-2024-36491?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-78 OS Command Injection

Affected Products

Vendor Product
centurysys futurenet_nxr-1300_firmware
centurysys futurenet_nxr-155\/c_firmware
centurysys futurenet_nxr-610x_firmware
centurysys futurenet_nxr-g050_firmware
centurysys futurenet_nxr-g060_firmware
centurysys futurenet_nxr-g100_firmware
centurysys futurenet_nxr-g110_firmware
centurysys futurenet_nxr-g120_firmware
centurysys futurenet_nxr-g200_firmware
centurysys futurenet_vxr-x64
centurysys futurenet_vxr-x86
centurysys futurenet_nxr-160\/lw_firmware
centurysys futurenet_nxr-160\/lw
centurysys futurenet_nxr-230\/c_firmware
centurysys futurenet_nxr-230\/c
centurysys futurenet_nxr-350\/c_firmware
centurysys futurenet_nxr-350\/c
centurysys futurenet_nxr-530_firmware
centurysys futurenet_nxr-530
centurysys futurenet_nxr-650_firmware
centurysys futurenet_nxr-650_firmware
centurysys futurenet_nxr-g180\/l-ca_firmware
centurysys futurenet_nxr-g180\/l-ca
centurysys futurenet_nxr-130\/c_firmware
centurysys futurenet_nxr-130\/c
centurysys futurenet_nxr-125\/cx_firmware
centurysys futurenet_nxr-125\/cx_firmware
centurysys futurenet_nxr-120\/c_firmware
centurysys futurenet_nxr-120\/c
centurysys futurenet_wxr-250_firmware
centurysys futurenet_wxr-250
centurysys futurenet_nxr-1200_firmware
centurysys futurenet_nxr-1200

References

Frequently Asked Questions

What is CVE-2024-36491? +
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2024-36491? +
CVE-2024-36491 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-36491? +
CVE-2024-36491 affects products from centurysys, specifically: futurenet_nxr-1200, futurenet_nxr-1200_firmware, futurenet_nxr-120\/c, futurenet_nxr-120\/c_firmware, futurenet_nxr-125\/cx_firmware, futurenet_nxr-1300_firmware, futurenet_nxr-130\/c, futurenet_nxr-130\/c_firmware, futurenet_nxr-155\/c_firmware, futurenet_nxr-160\/lw, futurenet_nxr-160\/lw_firmware, futurenet_nxr-230\/c, futurenet_nxr-230\/c_firmware, futurenet_nxr-350\/c, futurenet_nxr-350\/c_firmware, futurenet_nxr-530, futurenet_nxr-530_firmware, futurenet_nxr-610x_firmware, futurenet_nxr-650_firmware, futurenet_nxr-g050_firmware, futurenet_nxr-g060_firmware, futurenet_nxr-g100_firmware, futurenet_nxr-g110_firmware, futurenet_nxr-g120_firmware, futurenet_nxr-g180\/l-ca, futurenet_nxr-g180\/l-ca_firmware, futurenet_nxr-g200_firmware, futurenet_vxr-x64, futurenet_vxr-x86, futurenet_wxr-250, futurenet_wxr-250_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-36491? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-36491 — free, no signup required.