Published:2026/05/25 Last Updated:2026/05/25
JVN#69049186
NEC Aterm series vulnerable to cross-site scripting (NV26-002)
Overview
Aterm series products provided by NEC Corporation contain a cross-site scripting vulnerability.
Products Affected
- WX1800HP versions prior to Ver.3.2.2
- WX5400HP versions prior to Ver.2.1.0
- WX7800T8 versions prior to Ver.1.5.1
- WX11000T12 versions prior to Ver.1.4.0
- WX3000HP2 versions prior to Ver.1.3.2
- WX4200D5 versions prior to Ver.1.3.5
- GX621A1 versions prior to Ver.3.2.2
- SH621A1 versions prior to Ver.3.2.2
- 19000T12BE versions prior to Ver.1.1.0
Description
Aterm series products provided by NEC Corporation contain the following vulnerability.
- Cross-site scripting (CWE-79)
- CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N Base Score 4.8
- CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Base Score 3.8
- CVE-2026-6059
Impact
An arbitrary script may be executed on the web browser of the user who accessed the product's web management page.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2026-000078 |
Update History
- 2026/05/25
- Information under the section [Description] was updated