Published: 2025/02/28  Last Updated: 2025/02/28

JVNVU#96398949
Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)

Overview

FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. contain multiple vulnerabilities.

Products Affected

CVE-2025-24846

  • FutureNet AS-250/S firmware Version 1.14.0 and earlier
  • FutureNet AS-250/F-SC firmware Version 1.14.0 and earlier
  • FutureNet AS-250/F-KO firmware Version 1.14.0 and earlier
  • FutureNet AS-250/NL firmware Version 1.14.0 and earlier
  • FutureNet AS-250/KL firmware Version 1.14.0 and earlier
  • FutureNet AS-250/KL Rev2 firmware Version 2.6.4 and earlier
  • FutureNet AS-250/L firmware Version 2.6.4 and earlier
  • FutureNet AS-M250/L firmware Version 2.6.4 and earlier
  • FutureNet AS-M250/KL firmware Version 2.6.4 and earlier
  • FutureNet AS-M250/NL firmware Version 2.6.4 and earlier
  • FutureNet AS-P250/NL firmware Version 2.6.4 and earlier
  • FutureNet AS-P250/KL firmware Version 2.6.4 and earlier
  • FutureNet AS-210/U4 firmware Version 2.6.4 and earlier

CVE-2025-25280

  • FutureNet AS-250/S firmware Version 1.14.0 and earlier
  • FutureNet AS-250/F-SC firmware Version 1.14.0 and earlier
  • FutureNet AS-250/F-KO firmware Version 1.14.0 and earlier
  • FutureNet AS-250/NL firmware Version 1.14.0 and earlier
  • FutureNet AS-250/KL firmware Version 1.14.0 and earlier
  • FutureNet AS-250/KL Rev2 firmware Version 2.6.6 and earlier
  • FutureNet AS-250/L firmware Version 2.6.6 and earlier
  • FutureNet AS-M250/L firmware Version 3.0.0 and earlier
  • FutureNet AS-M250/KL firmware Version 3.0.0 and earlier
  • FutureNet AS-M250/NL firmware Version 3.0.0 and earlier
  • FutureNet AS-P250/NL firmware Version 2.6.6 and earlier
  • FutureNet AS-P250/KL firmware Version 2.6.6 and earlier
  • FutureNet AS-210/U4 firmware Version 2.6.6 and earlier
  • FutureNet FA-210 firmware Version 1.1.9 and earlier
  • FutureNet FA-215 firmware Version 1.0.1 and earlier

Description

FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.

  • Authentication Bypass (CWE-288)
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
    • CVE-2025-24846
  • Buffer Overflow (CWE-120)
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 5.3
    • CVE-2025-25280

Impact

  • An unauthenticated attacker may obtain device information such as the MAC address by sending a specially crafted request (CVE-2025-24846).
  • An unauthenticated attacker may reboot the device by sending a specially crafted request (CVE-2025-25280).

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the workaround
The developer also provides workaround information.

Stop using the unsupported products
Some of the affected products are no longer supported. (See End of sales products)
The developer recommends that users stop using them and switch to alternatives.

For more information, refer to the information provided by the developer.
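
The following is an added example, not code from JVN or Century Systems: a firmware triage check that compares an asset inventory against the highest affected version listed for each CVE under Products Affected. The inventory hostnames and versions are constructed, and the script assumes firmware versions are dotted numeric strings.

```python
# Added example: triage an inventory against the affected-version lists above.
# Each value is the highest affected version per CVE, copied from this advisory.
OLD = ("AS-250/S", "AS-250/F-SC", "AS-250/F-KO", "AS-250/NL", "AS-250/KL")
MID = ("AS-250/KL Rev2", "AS-250/L", "AS-P250/NL", "AS-P250/KL", "AS-210/U4")
M250 = ("AS-M250/L", "AS-M250/KL", "AS-M250/NL")

AFFECTED = {
    "CVE-2025-24846": {**dict.fromkeys(OLD, "1.14.0"),
                       **dict.fromkeys(MID + M250, "2.6.4")},
    "CVE-2025-25280": {**dict.fromkeys(OLD, "1.14.0"),
                       **dict.fromkeys(MID, "2.6.6"),
                       **dict.fromkeys(M250, "3.0.0"),
                       "FA-210": "1.1.9", "FA-215": "1.0.1"},
}


def parse_version(text):
    """'1.14.0' -> (1, 14, 0); tuples compare numerically, so 1.14.0 > 1.9.0."""
    return tuple(int(part) for part in text.strip().split("."))


def normalize_model(name):
    """Drop an optional 'FutureNet' prefix and collapse whitespace; keep 'Rev2'."""
    words = name.split()
    if words and words[0].lower() == "futurenet":
        words = words[1:]
    return " ".join(words)


def applicable_cves(model, firmware):
    """Return the CVEs from this advisory that apply to one device."""
    key, version = normalize_model(model), parse_version(firmware)
    return sorted(cve for cve, table in AFFECTED.items()
                  if key in table and version <= parse_version(table[key]))


# Constructed inventory (hostnames and versions are illustrative, not real assets).
INVENTORY = [
    ("rtr-plant-01", "FutureNet AS-250/KL", "1.9.0"),
    ("rtr-plant-02", "AS-250/KL Rev2", "2.6.5"),
    ("rtr-yard-03", "AS-M250/NL", "3.0.1"),
    ("conv-line-04", "FA-215", "1.0.1"),
]

if __name__ == "__main__":
    for host, model, firmware in INVENTORY:
        cves = applicable_cves(model, firmware)
        print(f"{host:14} {model:22} {firmware:8} {', '.join(cves) or 'not listed as affected'}")
```

A model that is absent from the lists returns no CVEs, which only means this advisory does not name it. Note that AS-250/KL and AS-250/KL Rev2 have different thresholds, so the revision must be recorded in the inventory.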

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Century Systems Co., Ltd. | Vulnerable | 2025/02/28 | Century Systems Co., Ltd. website

Credit

Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE: CVE-2025-24846, CVE-2025-25280