Filtered by vendor Centurysys
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54763 | 1 Centurysys | 5 Futurenet Ip-k Series, Futurenet Ma-e300 Series, Futurenet Ma-p Series and 2 more | 2025-11-03 | 7.2 High |
| FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command. | ||||
| CVE-2025-58152 | 1 Centurysys | 5 Futurenet Ip-k Series, Futurenet Ma-e300 Series, Futurenet Ma-p Series and 2 more | 2025-11-03 | 5.3 Medium |
| FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication. | ||||
| CVE-2008-6449 | 1 Centurysys | 9 Xr-1100, Xr-410, Xr-410-l2 and 6 more | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. | ||||
| CVE-2024-36491 | 1 Centurysys | 33 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 30 more | 2025-04-08 | 9.8 Critical |
| FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-50357 | 1 Centurysys | 3 Futurenet Nxr-g050 Firmware, Futurenet Nxr-g060 Firmware, Futurenet Nxr-g110 Firmware | 2024-12-02 | N/A |
| FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs. | ||||
| CVE-2024-36475 | 1 Centurysys | 35 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 32 more | 2024-11-21 | 7.2 High |
| FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed. | ||||
| CVE-2024-31070 | 1 Centurysys | 31 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 28 more | 2024-11-21 | 9.1 Critical |
| Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly. | ||||
Page 1 of 1.