Skip to main content

Aterm Wx3600Hp CVE-2026-4619

| EUVDEUVD-2026-16586 MEDIUM
Path Traversal (CWE-22)
2026-03-27 NEC
6.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 27, 2026 - 12:00 euvd
EUVD-2026-16586
Analysis Generated
Mar 27, 2026 - 12:00 vuln.today
CVE Published
Mar 27, 2026 - 11:46 nvd
MEDIUM 6.0

DescriptionCVE.org

Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.

AnalysisAI

NEC Aterm WX3600HP routers contain a path traversal vulnerability enabling remote attackers to write arbitrary files to the device via network access, potentially compromising system integrity and enabling persistent attacks. The vulnerability (CVE-2026-4619) affects the Aterm WX3600HP model and exploits insufficient input validation in file handling mechanisms. No CVSS score or publicly available exploit has been identified at the time of analysis, though the CWE-22 classification confirms the path traversal root cause.

Technical ContextAI

The vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal). NEC Aterm series devices (specifically the WX3600HP as documented in CPE cpe:2.3:a:nec_platforms,_ltd.:aterm_wx3600hp:*:*:*:*:*:*:*:*) process user-supplied file paths without adequate validation or sanitization. This allows an attacker to use directory traversal sequences (such as ../ or absolute paths) to write files outside intended directories, potentially to critical system locations. The affected product is a network-attached device (wireless router), making this a network-accessible vulnerability that could be triggered remotely without requiring physical access or elevated credentials.

RemediationAI

Contact NEC support or consult the official security advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html to obtain and apply the available security patch for Aterm WX3600HP. Until patches can be deployed, implement network segmentation to restrict management and administrative access to the affected router to trusted subnets only, disable remote management interfaces if not required, and monitor device logs for suspicious file write attempts. If the device is customer-facing or internet-exposed, prioritize patching or replacement to eliminate the remote write capability.

Share

CVE-2026-4619 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy