Description
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
Published: 2026-03-27
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Write
Action: Apply Patch
AI Analysis

Impact

The flaw is a path traversal vulnerability in the NEC Platforms, Ltd. Aterm WX3600HP router series that allows an attacker to write over any file on the device by sending a specially crafted request over the network. This feature directly permits modification of system files, potentially disrupting normal operation or providing a foothold for further compromise.

Affected Systems

All publicly released NEC Aterm WX3600HP firmware versions are considered vulnerable until an official update is issued by NEC. No particular firmware revisions were listed as unaffected.

Risk and Exploitability

The vulnerability has a CVSS score of 6, indicating medium severity. Its EPSS score is below 1 % and it is not included in the CISA KEV catalog, implying a low current exploitation likelihood. The attack vector is inferred to be network‑based, based on the description that the overwrite occurs via a network request. Successful exploitation would grant an attacker control over any file on the device, potentially leading to device compromise or denial of service.

Generated by OpenCVE AI on March 27, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update released by NEC for the Aterm WX3600HP.
  • Restrict access to the router’s management interface to trusted IP addresses using firewall or ACL rules.
  • Enable logging for file modification attempts and review logs for suspicious activity.

Generated by OpenCVE AI on March 27, 2026 at 15:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Network‑Based Path Traversal Allowing Arbitrary File Write on NEC Aterm WX3600HP

Fri, 27 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: NEC

Published:

Updated: 2026-03-27T11:59:56.839Z

Reserved: 2026-03-23T06:04:46.181Z

Link: CVE-2026-4619

cve-icon Vulnrichment

Updated: 2026-03-27T11:59:51.487Z

cve-icon NVD

Status : Received

Published: 2026-03-27T12:16:20.593

Modified: 2026-03-27T12:16:20.593

Link: CVE-2026-4619

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T15:47:05Z

Weaknesses