Cross-Site Scripting Vulnerability in Aterm by NEC
CVE-2026-6059

4.8MEDIUM

Key Information:

Vendor: Nec Platforms, Ltd.
Status: Aterm Wx1800HP; Aterm Wx5400HP; Aterm Wx7800t8; Aterm Wx11000t12
Vendor: CVE Published:; 25 May 2026

🔔 Create Nec Platforms, Ltd. Vulnerability Alert

What is CVE-2026-6059?

A cross-site scripting vulnerability has been identified in Aterm, a product from NEC. This issue allows attackers to execute arbitrary scripts in the web browser of a user who accesses the web management interface through an adjacent network. The vulnerability could lead to unauthorized access, data leakage, and other security breaches if exploited. Users are advised to take precautionary measures to mitigate potential risks and ensure the security of their systems.

Affected Version(s)

Aterm 19000T12BE Before Ver. 1.1.0

Aterm GX621A1 Before Ver. 3.2.2

Aterm SH621A1 Before Ver. 3.2.2

References

https://jpn.nec.com/security-info/secinfo/nv26-002_en.html

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
Apr 10, 2026

Credit

Noriaki Iwasaki of Cyber Defense Institute, Inc.

CVE-2026-6059 Data

JSON