Description
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
Published: 2026-03-27
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Write
Action: Apply Patch
AI Analysis

Impact

The flaw is a path traversal vulnerability in the NEC Platforms, Ltd. Aterm WX3600HP router series that allows an attacker to write over any file on the device by sending a specially crafted request over the network. This feature directly permits modification of system files, potentially disrupting normal operation or providing a foothold for further compromise.

Affected Systems

All publicly released NEC Aterm WX3600HP firmware versions are considered vulnerable until an official update is issued by NEC. No particular firmware revisions were listed as unaffected.

Risk and Exploitability

The vulnerability has a CVSS score of 6, indicating medium severity. Its EPSS score is below 1 % and it is not included in the CISA KEV catalog, implying a low current exploitation likelihood. The attack vector is inferred to be network‑based, based on the description that the overwrite occurs via a network request. Successful exploitation would grant an attacker control over any file on the device, potentially leading to device compromise or denial of service.

Generated by OpenCVE AI on March 27, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update released by NEC for the Aterm WX3600HP.
  • Restrict access to the router’s management interface to trusted IP addresses using firewall or ACL rules.
  • Enable logging for file modification attempts and review logs for suspicious activity.

Generated by OpenCVE AI on March 27, 2026 at 15:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Nec aterm Wx3600hp Firmware
CPEs cpe:2.3:h:nec:aterm_wx3600hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wx3600hp_firmware:*:*:*:*:*:*:*:*
Vendors & Products Nec aterm Wx3600hp Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Nec
Nec aterm Wx3600hp
Vendors & Products Nec
Nec aterm Wx3600hp

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Network‑Based Path Traversal Allowing Arbitrary File Write on NEC Aterm WX3600HP

Fri, 27 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nec Aterm Wx3600hp Aterm Wx3600hp Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: NEC

Published:

Updated: 2026-04-10T04:12:05.787Z

Reserved: 2026-03-23T06:04:46.181Z

Link: CVE-2026-4619

cve-icon Vulnrichment

Updated: 2026-03-27T11:59:51.487Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T12:16:20.593

Modified: 2026-04-20T15:18:26.117

Link: CVE-2026-4619

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:59:44Z

Weaknesses