CVE-2026-4309 - Vulnerability Details

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nec	Aterm W1200ex(-ms) Aterm Wf1200cr Aterm Wg1200cr Aterm Wg1200hp2 Aterm Wg1200hp3 Aterm Wg1200hp4 Aterm Wg1200hs2 Aterm Wg1200hs3 Aterm Wg1200hs4 Aterm Wg1800hp3 Aterm Wg1800hp4 Aterm Wg1900hp Aterm Wg1900hp2 Aterm Wg2600hm4 Aterm Wg2600hp4 Aterm Wg2600hs Aterm Wg2600hs2 Aterm Wx1500hp Aterm Wx3000hp Aterm Wx3600hp

No data.

References

Link	Providers
https://jpn.nec.com/security-info/secinfo/nv26-001_en.html

History

Mon, 30 Mar 2026 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nec Nec aterm W1200ex(-ms) Nec aterm Wf1200cr Nec aterm Wg1200cr Nec aterm Wg1200hp2 Nec aterm Wg1200hp3 Nec aterm Wg1200hp4 Nec aterm Wg1200hs2 Nec aterm Wg1200hs3 Nec aterm Wg1200hs4 Nec aterm Wg1800hp3 Nec aterm Wg1800hp4 Nec aterm Wg1900hp Nec aterm Wg1900hp2 Nec aterm Wg2600hm4 Nec aterm Wg2600hp4 Nec aterm Wg2600hs Nec aterm Wg2600hs2 Nec aterm Wx1500hp Nec aterm Wx3000hp Nec aterm Wx3600hp
Vendors & Products		Nec Nec aterm W1200ex(-ms) Nec aterm Wf1200cr Nec aterm Wg1200cr Nec aterm Wg1200hp2 Nec aterm Wg1200hp3 Nec aterm Wg1200hp4 Nec aterm Wg1200hs2 Nec aterm Wg1200hs3 Nec aterm Wg1200hs4 Nec aterm Wg1800hp3 Nec aterm Wg1800hp4 Nec aterm Wg1900hp Nec aterm Wg1900hp2 Nec aterm Wg2600hm4 Nec aterm Wg2600hp4 Nec aterm Wg2600hs Nec aterm Wg2600hs2 Nec aterm Wx1500hp Nec aterm Wx3000hp Nec aterm Wx3600hp

Fri, 27 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title		Missing Authorization Enables Unauthorized Retrieval and Modification on NEC Aterm Routers

Fri, 27 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
Description		Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
Weaknesses		CWE-862
References		https://jpn.nec.com/security-info/secinfo/nv26-001_en.html
Metrics		cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: NEC

Published: 2026-03-27T11:46:26.310Z

Updated: 2026-03-27T12:15:32.249Z

Reserved: 2026-03-17T01:53:09.153Z

Link: CVE-2026-4309

Vulnrichment

Updated: 2026-03-27T12:15:26.979Z

NVD

Status : Awaiting Analysis

Published: 2026-03-27T12:16:20.370

Modified: 2026-03-30T13:26:29.793

Link: CVE-2026-4309

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object