CVE-2024-36491 is a critical-severity OS Command Injection (CWE-78) vulnerability in Centurysys Futurenet Nxr-650 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.
Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.