CVE-2026-6059 | THREATINT

Description

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.

PUBLISHED Reserved 2026-04-10 | Published 2026-05-25 | Updated 2026-05-25 | Assigner NEC

MEDIUM: 4.8CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unknown

Before Ver. 3.2.2

affected

Default status

unknown

Before Ver. 2.1.0

affected

Default status

unknown

Before Ver. 1.5.1

affected

Default status

unknown

Before Ver. 1.4.0

affected

Default status

unknown

Before Ver. 1.3.2

affected

Default status

unknown

Before Ver. 1.3.5

affected

Default status

unknown

Before Ver. 3.2.2

affected

Default status

unknown

Before Ver. 3.2.2

affected

Default status

unknown

Before Ver. 1.1.0

affected

Credits

Noriaki Iwasaki of Cyber Defense Institute, Inc. reporter

References

jpn.nec.com/security-info/secinfo/nv26-002_en.html

cve.org (CVE-2026-6059)

nvd.nist.gov (CVE-2026-6059)

Download JSON