CVE-2026-4309

moderate-risk

Published 2026-03-27

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Aterm Wg2600Hs Firmware

Aterm Wf1200Cr Firmware

Aterm Wg1200Cr Firmware

Aterm Wg2600Hp4 Firmware

Aterm Wg2600Hm4 Firmware

Aterm Wg2600Hs2 Firmware

Aterm Wx3000Hp Firmware

Aterm Wx3600Hp Firmware

Aterm W1200Ex-Ms Firmware

Aterm Wg1200Hp2 Firmware

Aterm Wg1900Hp Firmware

Aterm Wg1200Hs2 Firmware

Aterm Wg1800Hp3 Firmware

Aterm Wg1200Hp3 Firmware

Aterm Wg1900Hp2 Firmware

Aterm Wg1200Hs3 Firmware

Aterm Wg1800Hp4 Firmware

Aterm Wg1200Hp4 Firmware

Aterm Wg1200Hs4 Firmware

Aterm Wx1500Hp Firmware

Affected Vendors

Nec

References (1)

Vendor Advisory https://jpn.nec.com/security-info/secinfo/nv26-001_en.html

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 20/34 · Moderate