CVE-2024-50357

Description

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. However, the REST-APIs are unexpectedly enabled when the affected product is powered up, provided that either http-server (GUI) or Web authentication is enabled. The factory default configuration enables http-server (GUI), which means the REST-APIs are also enabled. The username and password for the REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via the REST-APIs.

Category

CVSS 3.0: 9.8
Severity: Critical
EPSS: 0.23%
Affected: Century Systems Co., Ltd. FutureNet NXR-G110 series
Affected: Century Systems Co., Ltd. FutureNet NXR-G060 series
Affected: Century Systems Co., Ltd. FutureNet NXR-G050 series
Published at:
Updated at:

Frequently Asked Questions

What is the severity of CVE-2024-50357?
CVE-2024-50357 has been scored as a critical severity vulnerability.

How to fix CVE-2024-50357?
To fix CVE-2024-50357, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.

Is CVE-2024-50357 being actively exploited in the wild?
For now, there is no information to confirm that CVE-2024-50357 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

What software or system is affected by CVE-2024-50357?
CVE-2024-50357 affects the Century Systems Co., Ltd. FutureNet NXR-G110 series, FutureNet NXR-G060 series, and FutureNet NXR-G050 series.