Skip to main content

Aterm Wx3600Hp

4 CVEs product

Monthly

CVE-2026-4620 HIGH This Week

OS command injection in NEC Platforms Aterm wireless router series (models WX1500HP and WX3600HP) permits authenticated network attackers with high privileges to execute arbitrary operating system commands on affected devices. The vulnerability requires user interaction and high attack complexity (CVSS 4.0 score 7.1), with no public exploit identified at time of analysis. NEC Platforms has published a security advisory detailing the issue.

Command Injection Aterm Wx1500Hp Aterm Wx3600Hp
NVD VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-4621 MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +17
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4619 MEDIUM This Month

NEC Aterm WX3600HP routers contain a path traversal vulnerability enabling remote attackers to write arbitrary files to the device via network access, potentially compromising system integrity and enabling persistent attacks. The vulnerability (CVE-2026-4619) affects the Aterm WX3600HP model and exploits insufficient input validation in file handling mechanisms. No CVSS score or publicly available exploit has been identified at the time of analysis, though the CWE-22 classification confirms the path traversal root cause.

Path Traversal Aterm Wx3600Hp
NVD VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-4309 MEDIUM This Month

NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2, WG1200HS3, WX1500HP, WX3000HP, WX3600HP, WG2600HS, WG2600HS2, WG2600HP4, WG2600HM4, WF1200CR, WG1200CR, and others) suffer from missing authorization controls that enable remote attackers to enumerate device configuration details and modify settings without proper access controls. The vulnerability stems from CWE-862 (Missing Authorization) in the device management interface, allowing unauthenticated or inadequately authenticated network-accessible requests to interact with sensitive administrative functions. No CVSS score, EPSS probability estimate, or public exploit code has been disclosed, and CISA KEV status is unknown.

Authentication Bypass Aterm W1200Ex Ms Aterm Wg1200Hp2 Aterm Wg1900Hp Aterm Wg1200Hs2 +16
NVD
CVSS 4.0
6.3
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

OS command injection in NEC Platforms Aterm wireless router series (models WX1500HP and WX3600HP) permits authenticated network attackers with high privileges to execute arbitrary operating system commands on affected devices. The vulnerability requires user interaction and high attack complexity (CVSS 4.0 score 7.1), with no public exploit identified at time of analysis. NEC Platforms has published a security advisory detailing the issue.

Command Injection Aterm Wx1500Hp Aterm Wx3600Hp
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

NEC Aterm wireless router series (including WG1200HP2, WG1900HP, WG1800HP3, WG1200HP4, and nine other models) contain hidden telnet functionality that can be remotely enabled by unauthenticated network attackers via unspecified means, classified as CWE-912 (Hidden Functionality). The vulnerability carries a CVSS 6.3 score reflecting network-accessible attack vector with high complexity requirements and limited confidentiality/integrity impact. No public exploit code or active exploitation via CISA KEV has been confirmed at analysis time, though the remote enablement of administrative telnet access represents a significant privilege escalation pathway for subsequent unauthorized system access.

Information Disclosure Aterm W1200Ex Ms Aterm Wg1200Hp2 +19
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

NEC Aterm WX3600HP routers contain a path traversal vulnerability enabling remote attackers to write arbitrary files to the device via network access, potentially compromising system integrity and enabling persistent attacks. The vulnerability (CVE-2026-4619) affects the Aterm WX3600HP model and exploits insufficient input validation in file handling mechanisms. No CVSS score or publicly available exploit has been identified at the time of analysis, though the CWE-22 classification confirms the path traversal root cause.

Path Traversal Aterm Wx3600Hp
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

NEC Aterm wireless router series (W1200Ex-MS, WG1200HP2, WG1900HP, WG1800HP3, WG1800HP4, WG1200HP3, WG1200HP4, WG1200HS2, WG1200HS3, WX1500HP, WX3000HP, WX3600HP, WG2600HS, WG2600HS2, WG2600HP4, WG2600HM4, WF1200CR, WG1200CR, and others) suffer from missing authorization controls that enable remote attackers to enumerate device configuration details and modify settings without proper access controls. The vulnerability stems from CWE-862 (Missing Authorization) in the device management interface, allowing unauthenticated or inadequately authenticated network-accessible requests to interact with sensitive administrative functions. No CVSS score, EPSS probability estimate, or public exploit code has been disclosed, and CISA KEV status is unknown.

Authentication Bypass Aterm W1200Ex Ms Aterm Wg1200Hp2 +18
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy