CVE-2024-50357

Name of the Vulnerable Software and Affected Versions FutureNet NXR series routers (affected versions not specified)

Description The issue concerns the unexpected enabling of REST-APIs in the initial configuration of FutureNet NXR series routers, provided that either http-server (GUI) or Web authentication is enabled. Since the factory default configuration has http-server (GUI) enabled, REST-APIs are also enabled by default, with predefined username and password for REST-APIs. This allows an attacker to obtain and/or alter the affected product's settings via REST-APIs.

Recommendations As a temporary workaround, consider disabling the REST-APIs until a patch is available. Restrict access to the REST-APIs to minimize the risk of exploitation. Avoid using the predefined username and password in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.