Skip to main content

Aterm Wg2600Hm4

3 CVEs product

Monthly

CVE-2026-4622 HIGH This Week

Multiple NEC Aterm wireless router models are vulnerable to OS command injection that enables network-based attackers with high privileges and user interaction to execute arbitrary operating system commands. The vulnerability carries a CVSS 4.0 score of 7.1 and affects at least eight router models in the Aterm series including WG2600HS, WF1200CR, WG1200CR, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX3000HP2. No public exploit identified at time of analysis, though exploitation requires both elevated privileges and user interaction which reduces immediate risk.

Command Injection Aterm Wg2600Hs Aterm Wf1200Cr Aterm Wg1200Cr Aterm Wg2600Hp4 +4
NVD VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-4621 MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +17
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4309 MEDIUM This Month

NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2, WG1200HS3, WX1500HP, WX3000HP, WX3600HP, WG2600HS, WG2600HS2, WG2600HP4, WG2600HM4, WF1200CR, WG1200CR, and others) suffer from missing authorization controls that enable remote attackers to enumerate device configuration details and modify settings without proper access controls. The vulnerability stems from CWE-862 (Missing Authorization) in the device management interface, allowing unauthenticated or inadequately authenticated network-accessible requests to interact with sensitive administrative functions. No CVSS score, EPSS probability estimate, or public exploit code has been disclosed, and CISA KEV status is unknown.

Authentication Bypass Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +16
NVD
CVSS 4.0
6.3
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Multiple NEC Aterm wireless router models are vulnerable to OS command injection that enables network-based attackers with high privileges and user interaction to execute arbitrary operating system commands. The vulnerability carries a CVSS 4.0 score of 7.1 and affects at least eight router models in the Aterm series including WG2600HS, WF1200CR, WG1200CR, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX3000HP2. No public exploit identified at time of analysis, though exploitation requires both elevated privileges and user interaction which reduces immediate risk.

Command Injection Aterm Wg2600Hs Aterm Wf1200Cr +6
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure Aterm W1200Ex Ms Aterm Wg1200Hp2 +19
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2, WG1200HS3, WX1500HP, WX3000HP, WX3600HP, WG2600HS, WG2600HS2, WG2600HP4, WG2600HM4, WF1200CR, WG1200CR, and others) suffer from missing authorization controls that enable remote attackers to enumerate device configuration details and modify settings without proper access controls. The vulnerability stems from CWE-862 (Missing Authorization) in the device management interface, allowing unauthenticated or inadequately authenticated network-accessible requests to interact with sensitive administrative functions. No CVSS score, EPSS probability estimate, or public exploit code has been disclosed, and CISA KEV status is unknown.

Authentication Bypass Aterm W1200Ex Ms Aterm Wg1200Hp2 +18
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy