Home

Description

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

PUBLISHED Reserved 2026-03-17 | Published 2026-03-27 | Updated 2026-04-10 | Assigner NEC




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

Before Ver. 1.4.2
affected

Default status
unknown

Before Ver. 1.7.2
affected

Default status
unknown

Before Ver. 1.6.0
affected

Default status
unknown

Before Ver. 1.5.0
affected

Default status
unknown

Before Ver. 1.4.2
affected

Default status
unknown

Before Ver. 1.4.2
affected

Default status
unknown

Before Ver. 1.3.2
affected

Default status
unknown

Before Ver. 2.5.0
affected

Default status
unknown

Before Ver. 1.5.3
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

All versions
affected

Default status
unknown

Before Ver. 1.3.1
affected

Credits

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reporter

References

jpn.nec.com/security-info/secinfo/nv26-001_en.html

cve.org (CVE-2026-4309)

nvd.nist.gov (CVE-2026-4309)

Download JSON