JVNVU#98191201
Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series

Overview

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities.

Products Affected

• FutureNet MA-X series versions from 6.0.0 to 6.4.1
• FutureNet MA-E300 series versions from 5.0.0 to 6.2.1
• FutureNet MA-S series versions from 5.0.0 to 6.4.0
• FutureNet MA-P series versions from 5.0.0 to 6.4.0
• FutureNet IP-K series versions from 2.0.0 to 2.2.1

Description

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.

• OS command Injection (CWE-78)
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
  • CVE-2025-54763
• Files or directories acessible to external parties (CWE-552)
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
  • CVE-2025-58152

Impact

• A user who logs in to the Web UI of the product may execute an arbitrary OS command (CVE-2025-54763)
• The firmware version and the garbage collection information of the affected product may be retrieved without authentication (CVE-2025-58152)

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the workarounds
The developer also recommends applying a workaround.
For more information, refer to "Vendor Status" section below.