CVE-2024-31070

Q: What is the severity of CVE-2024-31070?

CVE-2024-31070 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows remote unauthenticated attackers to access telnet services without restrictions on affected Century Systems devices. It affects FutureNet NXR, VXR, and WXR series devices with insecure default configurations. Attackers can gain unauthorized access to network equipment.

9.1 CRITICAL

Authentication Bypass

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to access telnet services without restrictions on affected Century Systems devices. It affects FutureNet NXR, VXR, and WXR series devices with insecure default configurations. Attackers can gain unauthorized access to network equipment.

💻 Affected Systems

Products:

FutureNet NXR series
FutureNet VXR series
FutureNet WXR series

Versions: All versions prior to patches released in July 2024

Operating Systems: Embedded firmware on affected devices

Default Config Vulnerable: ⚠️ Yes

Notes: Devices with default configurations are vulnerable. Telnet service must be enabled for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of network devices leading to network disruption, data interception, lateral movement to other systems, and persistent backdoor installation.

🟠

Likely Case

Unauthorized access to telnet services allowing configuration changes, network reconnaissance, and potential credential harvesting.

🟢

If Mitigated

Limited impact if telnet is disabled, network segmentation is implemented, and access controls are properly configured.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly exploited by any remote attacker without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access to vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only telnet access to vulnerable devices. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released July 2024

Vendor Advisory: https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html

Restart Required: Yes

Instructions:

1. Download latest firmware from Century Systems website. 2. Backup current configuration. 3. Apply firmware update via web interface or console. 4. Reboot device. 5. Verify telnet is disabled or properly secured.

🔧 Temporary Workarounds

Disable Telnet Service

all

Completely disable telnet service on affected devices

telnet disable
no telnet server enable

Restrict Telnet Access

all

Configure access control lists to restrict telnet access to trusted IPs only

access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
access-class 10 in

🧯 If You Can't Patch

Implement network segmentation to isolate affected devices from untrusted networks
Deploy network-based access controls to block telnet traffic (TCP port 23) to vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Attempt telnet connection to device on port 23. If connection succeeds without authentication, device is vulnerable.

Check Version:

show version or display version in device CLI

Verify Fix Applied:

Attempt telnet connection after patch. Connection should fail or require proper authentication.

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts on telnet
Successful telnet connections from unexpected sources
Configuration changes via telnet

Network Indicators:

Telnet traffic (TCP/23) to affected devices
Unencrypted telnet sessions

SIEM Query:

source_port=23 OR destination_port=23 AND (device_type="FutureNet" OR device_vendor="Century Systems")

📊 Metadata

CVE ID: CVE-2024-31070

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-1188

Published: July 17, 2024

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/en/vu/JVNVU96424864/ Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html Vendor Advisory
https://jvn.jp/en/vu/JVNVU96424864/ Third Party Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-01.html Vendor Advisory
https://www.centurysys.co.jp/backnumber/nxr_common/20240716-03.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Futurenet Nxr 120\/c Firmware by Centurysys

Futurenet Nxr 1200 Firmware by Centurysys

Futurenet Nxr 125\/cx Firmware by Centurysys

Futurenet Nxr 130\/c Firmware by Centurysys

Futurenet Nxr 1300 Firmware by Centurysys

Futurenet Nxr 155\/c Firmware by Centurysys

Futurenet Nxr 160\/lw Firmware by Centurysys

Futurenet Nxr 230\/c Firmware by Centurysys

Futurenet Nxr 350\/c Firmware by Centurysys

Futurenet Nxr 530 Firmware by Centurysys

Futurenet Nxr 610x Firmware by Centurysys

Futurenet Nxr 650 Firmware by Centurysys

Futurenet Nxr G050 Firmware by Centurysys

Futurenet Nxr G060 Firmware by Centurysys

Futurenet Nxr G100 Firmware by Centurysys

Futurenet Nxr G110 Firmware by Centurysys

Futurenet Nxr G120 Firmware by Centurysys

Futurenet Nxr G180\/l Ca Firmware by Centurysys

Futurenet Nxr G200 Firmware by Centurysys

Futurenet Vxr X64 by Centurysys

Futurenet Vxr X86 by Centurysys

Futurenet Wxr 250 Firmware by Centurysys