- Description
- FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.
- Source
- vultures@jpcert.or.jp
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- vultures@jpcert.or.jp
- CWE-684
- Hype score
- Not currently trending
CVE-2024-50357 Unauthorized Access and Configuration Tampering in FutureNet NXR Routers Century Systems Co., Ltd.'s FutureNet NXR series routers have REST-APIs. These REST-APIs start out disabled by default. But,... https://t.co/GWod38EQ7f
@VulmonFeeds
29 Nov 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-50357: CRITICAL] Century Systems Co., Ltd.'s FutureNet NXR series routers have a security flaw - REST-APIs can be unexpectedly enabled, allowing attackers to access and modify the device settings.#cybersecurity,#vulnerability https://t.co/lOzmctl1bN https://t.co/IQKMWeQ
@CveFindCom
29 Nov 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50357 FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. Bu… https://t.co/YneXy506yy
@CVEnew
29 Nov 2024
550 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes