Published: 2025/03/28  Last Updated: 2025/04/02

JVNVU#92821536
Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers

Overview

FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files.

Products Affected

  • FutureNet NXR series
  • FutureNet VXR series
  • FutureNet WXR series

For details of affected product names, models, and versions, refer to the information provided by the developer.

Description

FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61).

Impact

By attaching external storage containing malicious symbolic link files to the affected product, a logged-in administrative user may obtain and/or destroy internal files.
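
The check below is an added example, not code from JVN or from the developer: a Python audit that can be run on a workstation over a mounted external storage volume before it is attached to a device, listing symbolic links that resolve outside the volume root (the condition CWE-61 concerns). The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(root):
    """Return sorted (relative link path, raw target) pairs for every
    symbolic link under root whose resolved target lies outside root."""
    root_real = os.path.realpath(root)
    findings = []
    # followlinks=False: the audit itself never descends through a link.
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves link chains and ".." components; dangling
            # links are still resolved as far as the path allows.
            resolved = os.path.realpath(path)
            if os.path.commonpath([root_real, resolved]) != root_real:
                findings.append(
                    (os.path.relpath(path, root_real), os.readlink(path))
                )
    return sorted(findings)


def build_sample_media(root):
    """Constructed sample tree standing in for an external storage volume."""
    os.makedirs(os.path.join(root, "logs"))
    with open(os.path.join(root, "config.txt"), "w") as f:
        f.write("sample\n")
    # Link that stays inside the volume: not reported.
    os.symlink("config.txt", os.path.join(root, "ok_link"))
    # Absolute target outside the volume: reported.
    os.symlink("/etc/hostname", os.path.join(root, "abs_link"))
    # Relative target that climbs above the volume root: reported.
    os.symlink("../../outside", os.path.join(root, "logs", "rel_link"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as media:
        build_sample_media(media)
        for link, target in find_escaping_symlinks(media):
            print(f"escapes volume root: {link} -> {target}")
```

A clean volume yields an empty list; any reported link is a reason to inspect the media before use.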

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Stop using the products
According to the developer, some affected products are no longer supported. (See End of life products.)
The developer recommends that users stop using them and switch to alternatives.

For more information, refer to the information provided by the developer.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Century Systems Co., Ltd. | Vulnerable | 2025/03/31 | Century Systems Co., Ltd. website

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 6.2
Attack Vector (AV): Physical (P)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)

Credit

Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE: CVE-2025-30485

Update History

2025/03/28
Century Systems Co., Ltd. update status
2025/03/28
Information under the section [Products Affected] was updated
2025/04/02
Century Systems Co., Ltd. update status
2025/04/02
Information under the section [Title], [Overview], [Products Affected], [Description], and [Solution] was updated