Vulnerabilites related to Century Systems Co., Ltd. - FutureNet AS-P250/NL
cve-2025-24846
Vulnerability from cvelistv5
Published
2025-03-03 08:23
Modified
2025-03-03 13:17
Severity ?
EPSS score ?
Summary
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Century Systems Co., Ltd. | FutureNet AS-250/S |
Version: firmware Version 1.14.0 and earlier |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24846", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-03T13:15:19.774363Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-03T13:17:41.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "FutureNet AS-250/S", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/F-SC", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/F-KO", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/NL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/KL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/KL Rev2", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-250/L", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-M250/L", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-M250/KL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-M250/NL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-P250/NL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-P250/KL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, { product: "FutureNet AS-210/U4", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.4 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-288", description: "Authentication Bypass Using an Alternate Path or Channel", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T08:23:52.407Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html", }, { url: "https://jvn.jp/en/vu/JVNVU96398949/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-24846", datePublished: "2025-03-03T08:23:52.407Z", dateReserved: "2025-02-17T04:46:48.959Z", dateUpdated: "2025-03-03T13:17:41.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-25280
Vulnerability from cvelistv5
Published
2025-03-03 08:25
Modified
2025-03-03 14:53
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Century Systems Co., Ltd. | FutureNet AS-250/S |
Version: firmware Version 1.14.0 and earlier |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-25280", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-03T14:52:46.483841Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-03T14:53:08.462Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "FutureNet AS-250/S", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/F-SC", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/F-KO", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/NL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/KL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.14.0 and earlier", }, ], }, { product: "FutureNet AS-250/KL Rev2", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.6 and earlier", }, ], }, { product: "FutureNet AS-250/L", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.6 and earlier", }, ], }, { product: "FutureNet AS-M250/L", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 3.0.0 and earlier", }, ], }, { product: "FutureNet AS-M250/KL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 3.0.0 and earlier", }, ], }, { product: "FutureNet AS-M250/NL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 3.0.0 and earlier", }, ], }, { product: "FutureNet AS-P250/NL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.6 and earlier", }, ], }, { product: "FutureNet AS-P250/KL", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.6 and earlier", }, ], }, { product: "FutureNet AS-210/U4", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 2.6.6 and earlier", }, ], }, { product: "FutureNet FA-210", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.1.9 and earlier", }, ], }, { product: "FutureNet FA-215", vendor: "Century Systems Co., Ltd.", versions: [ { status: "affected", version: "firmware Version 1.0.1 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "Buffer overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T08:25:16.938Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html", }, { url: "https://jvn.jp/en/vu/JVNVU96398949/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-25280", datePublished: "2025-03-03T08:25:16.938Z", dateReserved: "2025-02-17T04:46:45.646Z", dateUpdated: "2025-03-03T14:53:08.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }