Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
AnalysisAI
NEC Aterm WX3600HP routers contain a path traversal vulnerability enabling remote attackers to write arbitrary files to the device via network access, potentially compromising system integrity and enabling persistent attacks. The vulnerability (CVE-2026-4619) affects the Aterm WX3600HP model and exploits insufficient input validation in file handling mechanisms. No CVSS score or publicly available exploit has been identified at the time of analysis, though the CWE-22 classification confirms the path traversal root cause.
Technical ContextAI
The vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal). NEC Aterm series devices (specifically the WX3600HP as documented in CPE cpe:2.3:a:nec_platforms,_ltd.:aterm_wx3600hp:*:*:*:*:*:*:*:*) process user-supplied file paths without adequate validation or sanitization. This allows an attacker to use directory traversal sequences (such as ../ or absolute paths) to write files outside intended directories, potentially to critical system locations. The affected product is a network-attached device (wireless router), making this a network-accessible vulnerability that could be triggered remotely without requiring physical access or elevated credentials.
RemediationAI
Contact NEC support or consult the official security advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html to obtain and apply the available security patch for Aterm WX3600HP. Until patches can be deployed, implement network segmentation to restrict management and administrative access to the affected router to trusted subnets only, disable remote management interfaces if not required, and monitor device logs for suspicious file write attempts. If the device is customer-facing or internet-exposed, prioritize patching or replacement to eliminate the remote write capability.
More in Aterm Wx3600Hp
View allOS command injection in NEC Platforms Aterm wireless router series (models WX1500HP and WX3600HP) permits authenticated
NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hi
NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16586