Missing Authorization Vulnerability in NEC Platforms Aterm Series
CVE-2026-4309

6.3MEDIUM

Key Information:

Vendor

Nec Platforms, Ltd.

Status
Aterm W1200ex(-ms)
Aterm Wg1200HP2
Aterm Wg1900HP
Aterm Wg1200hs2
Vendor
CVE Published:
27 March 2026

What is CVE-2026-4309?

A missing authorization vulnerability in NEC Platforms' Aterm Series allows attackers to access critical device information and modify settings remotely via the network. This flaw poses significant risks to device integrity and network security, emphasizing the need for robust authorization mechanisms.

Affected Version(s)

Aterm GB1200PE Before Ver. 1.3.1

Aterm GX1200HP All versions

Aterm GX1200HS4 All versions

References

https://jpn.nec.com/security-info/secinfo/nv26-001_en.html

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
.