FKIE_CVE-2026-4309
Vulnerability from fkie_nvd - Published: 2026-03-27 12:16 - Updated: 2026-04-20 15:15
Severity
Summary
Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
References
| URL | Tags | ||
|---|---|---|---|
| psirt-info@cyber.jp.nec.com | https://jpn.nec.com/security-info/secinfo/nv26-001_en.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BC68AC-B83D-4E0B-9B8D-23477CE698B5",
"versionEndExcluding": "1.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "623C9C7B-C947-49A8-9C1D-20B23FDA73ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8EF43A-B179-4352-A9C9-09A13AEB63AC",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A91D9EB-5962-498E-9B14-C5712DDDF7C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BD83BE-3C42-417E-838F-A5D6FB63443F",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936D9DD3-11E5-4862-B157-85B13EA06C38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg2600hp4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E67DF3D-78B9-4B64-B3D1-B3A0B9951B83",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg2600hp4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA71E45-3623-423D-A1E7-FA7617A22EBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg2600hm4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8631153A-E9AE-4288-B1BD-B035CF51063C",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg2600hm4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20D6198A-B5F8-4E5E-94AE-0C657EBAB137",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg2600hs2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D92216-F37F-49DE-978E-CB9A657D3FE7",
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg2600hs2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA952A10-D2C7-4155-B805-B5DE9CFA5B96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C5E53E-B37C-4FA6-BE0E-F78C168A7E8C",
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F34C11C-91C8-4DE6-B170-06C857E9E3F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wx3600hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D2A1F-56A2-48E3-A046-FBF1EAF865B6",
"versionEndIncluding": "1.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wx3600hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49BA8EF7-AE6D-4E69-A14B-410127D41E01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFDE7A7-2355-434E-929A-E50B0BD5F584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29756D80-6095-4CCA-9436-FA61503B2E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C68B7B4-AA6C-4222-BDC4-AF1E442B248A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90D0B0AE-064D-4E48-9155-47ECDFBAAE26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0826424-1B25-44AD-A60D-7B62C1148B1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE892DF-9165-4ED3-B5F4-B3232BC7B07A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD777679-3495-4BDE-923C-5196FB8D2788",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65C2F75B-CA40-4795-ABD4-2101A1DF1EDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF80998-6400-48F3-A990-D5B87C665D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87EF7C61-A13A-4EF8-8034-90D7E2AD3A86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB35FC8-62FF-4A6D-AB97-883FCEE8307B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB299D6D-056F-4F75-AD19-81F11C79CA08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AB180-F2E1-47F9-BBB1-A2D94325DEDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "189508FB-75EC-49CE-A6F5-3E4A8F3E57E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "644FC7C2-94C6-48DF-B487-2F97FF752CAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE6AFC0-F46F-491F-88E0-5EB17420F5EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64691C9F-576D-416E-A6B0-042FEE21DD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9130B16-D277-4335-8FBF-83715094FA70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200hp4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEF9893-7104-4EFB-8504-58F2B8CF95D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200hp4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A89DF7B-F002-43C6-BD55-AD93A12522E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wg1200hs4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E29E36-6D47-4CD4-BEDB-7F480FBF2834",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wg1200hs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4840DCB-8E32-4989-A89E-BA787CE4B3F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nec:aterm_wx1500hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2724C104-05C2-4907-A2DE-E6E3D3BC1E8F",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:aterm_wx1500hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1326D2EC-FF31-45A7-8DCE-1371DA0FD779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
}
],
"id": "CVE-2026-4309",
"lastModified": "2026-04-20T15:15:13.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
}
]
},
"published": "2026-03-27T12:16:20.370",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…