CVE-2026-6059

Summary

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.

Affected Software

VendorProductVersion RangeStatus
NEC Platforms, Ltd.Aterm WX1800HPBefore Ver. 3.2.2affected
NEC Platforms, Ltd.Aterm WX5400HPBefore Ver. 2.1.0affected
NEC Platforms, Ltd.Aterm WX7800T8Before Ver. 1.5.1affected
NEC Platforms, Ltd.Aterm WX11000T12Before Ver. 1.4.0affected
NEC Platforms, Ltd.Aterm WX3000HP2Before Ver. 1.3.2affected
NEC Platforms, Ltd.Aterm WX4200D5Before Ver. 1.3.5affected
NEC Platforms, Ltd.Aterm GX621A1Before Ver. 3.2.2affected
NEC Platforms, Ltd.Aterm SH621A1Before Ver. 3.2.2affected
NEC Platforms, Ltd.Aterm 19000T12BEBefore Ver. 1.1.0affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References