Published:2025/03/28 Last Updated:2025/03/28
JVNVU#92821536
Improper symbolic link file handling in FutureNet NXR series and VXR series routers
Overview
FutureNet NXR series and VXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files.
Products Affected
- FutureNet NXR series
- FutureNet VXR series
Description
FutureNet NXR series and VXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files (CWE-61).
Impact
Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Century Systems Co., Ltd. | Vulnerable | 2025/03/28 | Century Systems Co., Ltd. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score:
6.2
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-30485 |
| JVN iPedia |
|
Update History
- 2025/03/28
- Century Systems Co., Ltd. update status
- 2025/03/28
- Information under the section [Products Affected] was updated