Aterm Wx3000Hp2
Monthly
A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
Multiple NEC Aterm wireless router models are vulnerable to OS command injection that enables network-based attackers with high privileges and user interaction to execute arbitrary operating system commands. The vulnerability carries a CVSS 4.0 score of 7.1 and affects at least eight router models in the Aterm series including WG2600HS, WF1200CR, WG1200CR, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX3000HP2. No public exploit identified at time of analysis, though exploitation requires both elevated privileges and user interaction which reduces immediate risk.
NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.
A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
Multiple NEC Aterm wireless router models are vulnerable to OS command injection that enables network-based attackers with high privileges and user interaction to execute arbitrary operating system commands. The vulnerability carries a CVSS 4.0 score of 7.1 and affects at least eight router models in the Aterm series including WG2600HS, WF1200CR, WG1200CR, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX3000HP2. No public exploit identified at time of analysis, though exploitation requires both elevated privileges and user interaction which reduces immediate risk.
NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.