Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
AnalysisAI
NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.
Technical ContextAI
The vulnerability exists in NEC Platforms, Ltd. Aterm series routers, a consumer/small-business wireless networking product line widely deployed across Japanese and Asian markets. The root cause is classified as CWE-912 (Hidden Functionality in Binary Black-Box), indicating that undocumented administrative or debugging telnet functionality exists within firmware but is not exposed through normal configuration interfaces. An attacker with network access can trigger activation of this hidden service without authentication (PR:N per CVSS vector), likely through malformed requests, specific packet sequences, or exploitation of an undocumented configuration parameter. Telnet is an unencrypted remote shell protocol; once enabled, it typically allows full device administration with root or equivalent privileges, making it a high-value post-exploitation target even if the initial enablement attack vector is difficult (AC:H).
RemediationAI
Check the NEC security advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html for firmware patches specific to your Aterm model and apply the latest available firmware version immediately. If exact patch versions are not yet released, isolate affected routers from untrusted networks using firewall rules that restrict inbound access to the device management interface, disable remote management features if available, and implement network segmentation to limit potential telnet access pathways. Periodically monitor NEC's security announcements for patch releases for your specific Aterm model, and disable or restrict telnet in favor of SSH if administrative access via telnet becomes unexpectedly enabled.
More in Aterm W1200Ex Ms
View allSame weakness CWE-912 – Hidden Functionality
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16589