Century Systems FutureNet MA and IP-K Series OS Command Injection Vulnerability

An OS command injection vulnerability has been identified in the FutureNet MA and IP-K series products by Century Systems Co., Ltd. This vulnerability allows a user logged into the Web UI to execute arbitrary OS commands. The issue affects multiple versions across different FutureNet MA series and the IP-K series.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary OS commands on the affected device.

Remediation

Users are advised to update the firmware to the latest version. Instructions for updating the firmware are available on the Century Systems website. If an immediate update is not possible, it is recommended to strengthen access controls by allowing communication only from trusted IP addresses and to disable the Web server function on MA series devices.