CVE-2026-4309 - Vulnerability Details

- Missing Authorization Enables Unauthorized Retrieval and Modification on NEC Aterm Routers

Description

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Published: 2026-03-27

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A missing authorization check in NEC Platforms Aterm series routers allows an attacker who can reach the device through its network interfaces to retrieve detailed device information and modify configuration settings, all without valid credentials. This vulnerability can lead to unauthorized alteration of router behavior or exposure of sensitive device data. The weakness is classified as a missing authorization error.

Affected Systems

NEC Platforms Aterm Series routers, including models W1200EX, WF1200CR, WG1200CR, WG1200HP2 to HP4, WG1200HS2 to HS4, WG1800HP3 to HP4, WG1900HP to HP2, WG2600HM4 to HS2, and WX1500HP to WX3600HP. No specific firmware or version details are provided, so the entire model range may be affected.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require the attacker to have network connectivity to the router, which could be local or remote if the device is exposed. No public exploitation data or known scripts are documented, so the current risk depends on the exposure of the router and the presence of an update to address the issue.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NEC Platforms, Ltd.

Aterm W1200EX(-MS)

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200HP2

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1900HP

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200HS2

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1800HP3

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200HP3

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1900HP2

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200HS3

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1800HP4

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200HP4

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200HS4

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WX1500HP

unknown

Version	Status	Constraints
`Before Ver. 1.4.2`	affected	—

NEC Platforms, Ltd.

Aterm WG2600HS

unknown

Version	Status	Constraints
`Before Ver. 1.7.2`	affected	—

NEC Platforms, Ltd.

Aterm WF1200CR

unknown

Version	Status	Constraints
`Before Ver. 1.6.0`	affected	—

NEC Platforms, Ltd.

Aterm WG1200CR

unknown

Version	Status	Constraints
`Before Ver. 1.5.0`	affected	—

NEC Platforms, Ltd.

Aterm WG2600HP4

unknown

Version	Status	Constraints
`Before Ver. 1.4.2`	affected	—

NEC Platforms, Ltd.

Aterm WG2600HM4

unknown

Version	Status	Constraints
`Before Ver. 1.4.2`	affected	—

NEC Platforms, Ltd.

Aterm WG2600HS2

unknown

Version	Status	Constraints
`Before Ver. 1.3.2`	affected	—

NEC Platforms, Ltd.

Aterm WX3000HP

unknown

Version	Status	Constraints
`Before Ver. 2.5.0`	affected	—

NEC Platforms, Ltd.

Aterm WX3600HP

unknown

Version	Status	Constraints
`Before Ver. 1.5.3`	affected	—

NEC Platforms, Ltd.

Aterm GX1200HP

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm GX1200HS4

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm WG1200DM4

unknown

Version	Status	Constraints
`All versions`	affected	—

NEC Platforms, Ltd.

Aterm GB1200PE

unknown

Version	Status	Constraints
`Before Ver. 1.3.1`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:nec:aterm_wg2600hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp4:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:nec:aterm_wg2600hm4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hm4:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:nec:aterm_wg2600hs2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hs2:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:nec:aterm_wx3600hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wx3600hp:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:nec:aterm_wg1200hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hp4:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:nec:aterm_wg1200hs4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hs4:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:nec:aterm_wx1500hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wx1500hp:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Nec

Aterm W1200ex(-ms)

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wf1200cr

100%

Version	Status	Scheme	Platform
`[0,1.6.0)`	affected	semver	—

Nec

Aterm Wg1200cr

100%

Version	Status	Scheme	Platform
`[0,1.5.0)`	affected	semver	—

Nec

Aterm Wg1200hp2

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1200hp3

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1200hp4

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1200hs2

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1200hs3

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1200hs4

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1800hp3

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1800hp4

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1900hp

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg1900hp2

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Nec

Aterm Wg2600hm4

100%

Version	Status	Scheme	Platform
`[0,1.4.2)`	affected	semver	—

Nec

Aterm Wg2600hp4

100%

Version	Status	Scheme	Platform
`[0,1.4.2)`	affected	semver	—

Nec

Aterm Wg2600hs

100%

Version	Status	Scheme	Platform
`[0,1.7.2)`	affected	semver	—

Nec

Aterm Wg2600hs2

100%

Version	Status	Scheme	Platform
`[0,1.3.2)`	affected	semver	—

Nec

Aterm Wx1500hp

100%

Version	Status	Scheme	Platform
`[0,1.4.2)`	affected	semver	—

Nec

Aterm Wx3000hp

100%

Version	Status	Scheme	Platform
`[0,2.5.0)`	affected	semver	—

Nec

Aterm Wx3600hp

100%

Version	Status	Scheme	Platform
`[0,1.5.3)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update released by NEC for the affected Aterm models
If no update is available, disable or block external management interfaces and restrict internal access to the router configuration pages
Change default administrative credentials and enforce strong passwords
Configure firewall rules to limit management access to trusted IP addresses
Monitor router logs for unauthorized configuration changes

Generated by OpenCVE AI on March 27, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://jpn.nec.com/security-info/secinfo/nv26-001_en.html

History

Mon, 20 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nec aterm W1200ex-ms Nec aterm W1200ex-ms Firmware Nec aterm Wf1200cr Firmware Nec aterm Wg1200cr Firmware Nec aterm Wg1200hp2 Firmware Nec aterm Wg1200hp3 Firmware Nec aterm Wg1200hp4 Firmware Nec aterm Wg1200hs2 Firmware Nec aterm Wg1200hs3 Firmware Nec aterm Wg1200hs4 Firmware Nec aterm Wg1800hp3 Firmware Nec aterm Wg1800hp4 Firmware Nec aterm Wg1900hp2 Firmware Nec aterm Wg1900hp Firmware Nec aterm Wg2600hm4 Firmware Nec aterm Wg2600hp4 Firmware Nec aterm Wg2600hs2 Firmware Nec aterm Wg2600hs Firmware Nec aterm Wx1500hp Firmware Nec aterm Wx3000hp Firmware Nec aterm Wx3600hp Firmware
CPEs		cpe:2.3:h:nec:aterm_w1200ex-ms:-:::::::* cpe:2.3:h:nec:aterm_wf1200cr:-:::::::* cpe:2.3:h:nec:aterm_wg1200cr:-:::::::* cpe:2.3:h:nec:aterm_wg1200hp2:-:::::::* cpe:2.3:h:nec:aterm_wg1200hp3:-:::::::* cpe:2.3:h:nec:aterm_wg1200hp4:-:::::::* cpe:2.3:h:nec:aterm_wg1200hs2:-:::::::* cpe:2.3:h:nec:aterm_wg1200hs3:-:::::::* cpe:2.3:h:nec:aterm_wg1200hs4:-:::::::* cpe:2.3:h:nec:aterm_wg1800hp3:-:::::::* cpe:2.3:h:nec:aterm_wg1800hp4:-:::::::* cpe:2.3:h:nec:aterm_wg1900hp2:-:::::::* cpe:2.3:h:nec:aterm_wg1900hp:-:::::::* cpe:2.3:h:nec:aterm_wg2600hm4:-:::::::* cpe:2.3:h:nec:aterm_wg2600hp4:-:::::::* cpe:2.3:h:nec:aterm_wg2600hs2:-:::::::* cpe:2.3:h:nec:aterm_wg2600hs:-:::::::* cpe:2.3:h:nec:aterm_wx1500hp:-:::::::* cpe:2.3:h:nec:aterm_wx3000hp:-:::::::* cpe:2.3:h:nec:aterm_wx3600hp:-:::::::* cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:::::::: cpe:2.3:o:nec:aterm_wf1200cr_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200cr_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200hp2_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200hp3_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200hp4_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200hs2_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200hs3_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200hs4_firmware:::::::: cpe:2.3:o:nec:aterm_wg1800hp3_firmware:::::::: cpe:2.3:o:nec:aterm_wg1800hp4_firmware:::::::: cpe:2.3:o:nec:aterm_wg1900hp2_firmware:::::::: cpe:2.3:o:nec:aterm_wg1900hp_firmware:::::::: cpe:2.3:o:nec:aterm_wg2600hm4_firmware:::::::: cpe:2.3:o:nec:aterm_wg2600hp4_firmware:::::::: cpe:2.3:o:nec:aterm_wg2600hs2_firmware:::::::: cpe:2.3:o:nec:aterm_wg2600hs_firmware:::::::: cpe:2.3:o:nec:aterm_wx1500hp_firmware:::::::: cpe:2.3:o:nec:aterm_wx3000hp_firmware:::::::: cpe:2.3:o:nec:aterm_wx3600hp_firmware::::::::
Vendors & Products		Nec aterm W1200ex-ms Nec aterm W1200ex-ms Firmware Nec aterm Wf1200cr Firmware Nec aterm Wg1200cr Firmware Nec aterm Wg1200hp2 Firmware Nec aterm Wg1200hp3 Firmware Nec aterm Wg1200hp4 Firmware Nec aterm Wg1200hs2 Firmware Nec aterm Wg1200hs3 Firmware Nec aterm Wg1200hs4 Firmware Nec aterm Wg1800hp3 Firmware Nec aterm Wg1800hp4 Firmware Nec aterm Wg1900hp2 Firmware Nec aterm Wg1900hp Firmware Nec aterm Wg2600hm4 Firmware Nec aterm Wg2600hp4 Firmware Nec aterm Wg2600hs2 Firmware Nec aterm Wg2600hs Firmware Nec aterm Wx1500hp Firmware Nec aterm Wx3000hp Firmware Nec aterm Wx3600hp Firmware
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

Mon, 30 Mar 2026 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nec Nec aterm W1200ex(-ms) Nec aterm Wf1200cr Nec aterm Wg1200cr Nec aterm Wg1200hp2 Nec aterm Wg1200hp3 Nec aterm Wg1200hp4 Nec aterm Wg1200hs2 Nec aterm Wg1200hs3 Nec aterm Wg1200hs4 Nec aterm Wg1800hp3 Nec aterm Wg1800hp4 Nec aterm Wg1900hp Nec aterm Wg1900hp2 Nec aterm Wg2600hm4 Nec aterm Wg2600hp4 Nec aterm Wg2600hs Nec aterm Wg2600hs2 Nec aterm Wx1500hp Nec aterm Wx3000hp Nec aterm Wx3600hp
Vendors & Products		Nec Nec aterm W1200ex(-ms) Nec aterm Wf1200cr Nec aterm Wg1200cr Nec aterm Wg1200hp2 Nec aterm Wg1200hp3 Nec aterm Wg1200hp4 Nec aterm Wg1200hs2 Nec aterm Wg1200hs3 Nec aterm Wg1200hs4 Nec aterm Wg1800hp3 Nec aterm Wg1800hp4 Nec aterm Wg1900hp Nec aterm Wg1900hp2 Nec aterm Wg2600hm4 Nec aterm Wg2600hp4 Nec aterm Wg2600hs Nec aterm Wg2600hs2 Nec aterm Wx1500hp Nec aterm Wx3000hp Nec aterm Wx3600hp

Fri, 27 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title		Missing Authorization Enables Unauthorized Retrieval and Modification on NEC Aterm Routers

Fri, 27 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
Description		Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
Weaknesses		CWE-862
References		https://jpn.nec.com/security-info/secinfo/nv26-001_en.html
Metrics		cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Subscriptions

Nec Aterm W1200ex(-ms) Aterm W1200ex-ms Aterm W1200ex-ms Firmware Aterm Wf1200cr Aterm Wf1200cr Firmware Aterm Wg1200cr Aterm Wg1200cr Firmware Aterm Wg1200hp2 Aterm Wg1200hp2 Firmware Aterm Wg1200hp3 Aterm Wg1200hp3 Firmware Aterm Wg1200hp4 Aterm Wg1200hp4 Firmware Aterm Wg1200hs2 Aterm Wg1200hs2 Firmware Aterm Wg1200hs3 Aterm Wg1200hs3 Firmware Aterm Wg1200hs4 Aterm Wg1200hs4 Firmware Aterm Wg1800hp3 Aterm Wg1800hp3 Firmware Aterm Wg1800hp4 Aterm Wg1800hp4 Firmware Aterm Wg1900hp Aterm Wg1900hp2 Aterm Wg1900hp2 Firmware Aterm Wg1900hp Firmware Aterm Wg2600hm4 Aterm Wg2600hm4 Firmware Aterm Wg2600hp4 Aterm Wg2600hp4 Firmware Aterm Wg2600hs Aterm Wg2600hs2 Aterm Wg2600hs2 Firmware Aterm Wg2600hs Firmware Aterm Wx1500hp Aterm Wx1500hp Firmware Aterm Wx3000hp Aterm Wx3000hp Firmware Aterm Wx3600hp Aterm Wx3600hp Firmware

MITRE

Status: PUBLISHED

Assigner: NEC

Published: 2026-03-27T11:46:26.310Z

Updated: 2026-04-10T04:10:43.726Z

Reserved: 2026-03-17T01:53:09.153Z

Link: CVE-2026-4309

Vulnrichment

Updated: 2026-03-27T12:15:26.979Z

NVD

Status : Analyzed

Published: 2026-03-27T12:16:20.370

Modified: 2026-04-20T15:15:13.133

Link: CVE-2026-4309

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:02:09Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object