{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4309", "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "state": "PUBLISHED", "assignerShortName": "NEC", "dateReserved": "2026-03-17T01:53:09.153Z", "datePublished": "2026-03-27T11:46:26.310Z", "dateUpdated": "2026-03-27T12:15:32.249Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC", "dateUpdated": "2026-03-27T11:46:26.310Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "affected": [{"vendor": "NEC Platforms, Ltd.", "product": "Aterm W1200EX(-MS)", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HP2", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1900HP", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HS2", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1800HP3", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HP3", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1900HP2", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HS3", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1800HP4", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HP4", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HS4", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX1500HP", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS", "versions": [{"status": "affected", "version": "Before Ver. 1.7.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WF1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.6.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HP4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HM4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS2", "versions": [{"status": "affected", "version": "Before Ver. 1.3.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3000HP", "versions": [{"status": "affected", "version": "Before Ver. 2.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3600HP", "versions": [{"status": "affected", "version": "Before Ver. 1.5.3"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."}]}], "references": [{"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.", "user": "00000000-0000-4000-9000-000000000000", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T12:00:30.434329Z", "id": "CVE-2026-4309", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T12:15:32.249Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T12:00:30.434329Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T12:15:26.979Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NEC Platforms, Ltd.", "product": "Aterm W1200EX(-MS)", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HP2", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1900HP", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HS2", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1800HP3", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HP3", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1900HP2", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HS3", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1800HP4", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HP4", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200HS4", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX1500HP", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS", "versions": [{"status": "affected", "version": "Before Ver. 1.7.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WF1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.6.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HP4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HM4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS2", "versions": [{"status": "affected", "version": "Before Ver. 1.3.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3000HP", "versions": [{"status": "affected", "version": "Before Ver. 2.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3600HP", "versions": [{"status": "affected", "version": "Before Ver. 1.5.3"}], "defaultStatus": "unknown"}], "references": [{"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC", "dateUpdated": "2026-03-27T11:46:26.310Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4309", "state": "PUBLISHED", "dateUpdated": "2026-03-27T12:15:32.249Z", "dateReserved": "2026-03-17T01:53:09.153Z", "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "datePublished": "2026-03-27T11:46:26.310Z", "assignerShortName": "NEC"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."}], "id": "CVE-2026-4309", "lastModified": "2026-03-27T12:16:20.370", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary"}]}, "published": "2026-03-27T12:16:20.370", "references": [{"source": "psirt-info@cyber.jp.nec.com", "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T13:51:42.421985+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update released by NEC for the affected Aterm models", "If no update is available, disable or block external management interfaces and restrict internal access to the router configuration pages", "Change default administrative credentials and enforce strong passwords", "Configure firewall rules to limit management access to trusted IP addresses", "Monitor router logs for unauthorized configuration changes"], "summary": {"action": "Apply Patch", "impact": "Unauthorized Configuration Changes and Device Information Disclosure"}, "threat_synthesis": {"affected_systems": "NEC Platforms Aterm Series routers, including models W1200EX, WF1200CR, WG1200CR, WG1200HP2 to HP4, WG1200HS2 to HS4, WG1800HP3 to HP4, WG1900HP to HP2, WG2600HM4 to HS2, and WX1500HP to WX3600HP. No specific firmware or version details are provided, so the entire model range may be affected.", "description_and_impact": "A missing authorization check in NEC Platforms Aterm series routers allows an attacker who can reach the device through its network interfaces to retrieve detailed device information and modify configuration settings, all without valid credentials. This vulnerability can lead to unauthorized alteration of router behavior or exposure of sensitive device data. The weakness is classified as a missing authorization error.", "risk_and_exploitability": "The CVSS score of 6.3 indicates moderate severity. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require the attacker to have network connectivity to the router, which could be local or remote if the device is exposed. No public exploitation data or known scripts are documented, so the current risk depends on the exposure of the router and the presence of an update to address the issue."}}}}, "created": "2026-03-27T15:47:06.037375+00:00", "title": "Missing Authorization Enables Unauthorized Retrieval and Modification on NEC Aterm Routers", "updated": "2026-03-27T15:47:06.037405+00:00", "vendors": []}