CVE-2026-4309

Name: CVE-2026-4309
Creator: NVD / NIST
Published: 2026-03-27T12:16:20.37+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.3/10EPSS 0.14%

Last modified Jun 17, 2026

CVE-2026-4309 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 4.0

6.3/10

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.14%

3.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-862

Affected Software

Vendor	Product	Versions
Nec	Aterm Wg2600hs Firmware	< 1.7.2
Nec	Aterm Wf1200cr Firmware	< 1.6.0
Nec	Aterm Wg1200cr Firmware	< 1.5.0
Nec	Aterm Wg2600hp4 Firmware	< 1.4.2
Nec	Aterm Wg2600hm4 Firmware	< 1.4.2
Nec	Aterm Wg2600hs2 Firmware	< 1.3.2
Nec	Aterm Wx3000hp Firmware	< 2.5.0
Nec	Aterm Wx3600hp Firmware	<= 1.5.3
Nec	Aterm W1200ex-Ms Firmware	All versions
Nec	Aterm Wg1200hp2 Firmware	All versions
Nec	Aterm Wg1900hp Firmware	All versions
Nec	Aterm Wg1200hs2 Firmware	All versions
Nec	Aterm Wg1800hp3 Firmware	All versions
Nec	Aterm Wg1200hp3 Firmware	All versions
Nec	Aterm Wg1900hp2 Firmware	All versions
Nec	Aterm Wg1200hs3 Firmware	All versions
Nec	Aterm Wg1800hp4 Firmware	All versions
Nec	Aterm Wg1200hp4 Firmware	All versions
Nec	Aterm Wg1200hs4 Firmware	All versions
Nec	Aterm Wx1500hp Firmware	< 1.4.2

References

https://jpn.nec.com/security-info/secinfo/nv26-001_en.htmlVendor Advisory

Timeline

Published: Mar 27, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-4309?

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

How severe is CVE-2026-4309?

CVE-2026-4309 has a CVSS score of 6.3/10 (MEDIUM severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.

How do I fix CVE-2026-4309?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-4309?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST