Refine your search
10 vulnerabilities found for by NEC Platforms, Ltd.
CVE-2026-4620 (GCVE-0-2026-4620)
Vulnerability from cvelistv5
Published
2026-03-27 11:53
Modified
2026-04-10 04:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NEC Platforms, Ltd. | Aterm WX1500HP |
Version: Before Ver. 1.4.2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:44:33.997346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:48:31.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WX1500HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3600HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
}
],
"value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T04:13:14.137Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2026-4620",
"datePublished": "2026-03-27T11:53:41.863Z",
"dateReserved": "2026-03-23T06:04:47.524Z",
"dateUpdated": "2026-04-10T04:13:14.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4622 (GCVE-0-2026-4622)
Vulnerability from cvelistv5
Published
2026-03-27 11:53
Modified
2026-04-10 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NEC Platforms, Ltd. | Aterm WG2600HS |
Version: Before Ver. 1.7.2 |
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:50:35.148912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:53:16.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.7.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WF1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.6.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3000HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 2.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3000HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GB1200PE",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
}
],
"value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T04:14:44.673Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2026-4622",
"datePublished": "2026-03-27T11:53:12.245Z",
"dateReserved": "2026-03-23T06:04:49.866Z",
"dateUpdated": "2026-04-10T04:14:44.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4621 (GCVE-0-2026-4621)
Vulnerability from cvelistv5
Published
2026-03-27 11:52
Modified
2026-04-10 04:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-912 - Hidden Functionality
Summary
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:57:21.304368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:57:32.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm W1200EX(-MS)",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1900HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1800HP3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1900HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1800HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX1500HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.7.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WF1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.6.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3000HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 2.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3000HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3600HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GX1200HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GX1200HS4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200DM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GB1200PE",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
}
],
"value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912: Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T04:13:59.147Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2026-4621",
"datePublished": "2026-03-27T11:52:48.222Z",
"dateReserved": "2026-03-23T06:04:48.670Z",
"dateUpdated": "2026-04-10T04:13:59.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4619 (GCVE-0-2026-4619)
Vulnerability from cvelistv5
Published
2026-03-27 11:46
Modified
2026-04-10 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Platforms, Ltd. | Aterm WX3600HP |
Version: Before Ver. 1.5.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T11:59:45.121746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T11:59:56.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WX3600HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network."
}
],
"value": "Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T04:12:05.787Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2026-4619",
"datePublished": "2026-03-27T11:46:54.450Z",
"dateReserved": "2026-03-23T06:04:46.181Z",
"dateUpdated": "2026-04-10T04:12:05.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4309 (GCVE-0-2026-4309)
Vulnerability from cvelistv5
Published
2026-03-27 11:46
Modified
2026-04-10 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NEC Platforms, Ltd. | Aterm W1200EX(-MS) |
Version: All versions |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:00:30.434329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:15:32.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm W1200EX(-MS)",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1900HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1800HP3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1900HP2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS3",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1800HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200HS4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX1500HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.7.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WF1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.6.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200CR",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.4.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HS2",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3000HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 2.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WX3600HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.5.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GX1200HP",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GX1200HS4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm WG1200DM4",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Aterm GB1200PE",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "Before Ver. 1.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
}
],
"value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T04:10:43.726Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2026-4309",
"datePublished": "2026-03-27T11:46:26.310Z",
"dateReserved": "2026-03-17T01:53:09.153Z",
"dateUpdated": "2026-04-10T04:10:43.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-25621 (GCVE-0-2022-25621)
Vulnerability from cvelistv5
Published
2022-03-11 17:54
Modified
2024-08-03 04:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS command injection
Summary
UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Platforms, Ltd. | UNIVERGE DT |
Version: UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior, |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UNIVERGE DT",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior,"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T17:54:28.000Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2022-25621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UNIVERGE DT",
"version": {
"version_data": [
{
"version_value": "UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior,"
}
]
}
}
]
},
"vendor_name": "NEC Platforms, Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv22-004_en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2022-25621",
"datePublished": "2022-03-11T17:54:28.000Z",
"dateReserved": "2022-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:42:50.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20677 (GCVE-0-2021-20677)
Vulnerability from cvelistv5
Published
2021-03-26 08:50
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial-of-service (DoS)
Summary
UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Platforms, Ltd. | UNIVERGE Aspire series PBX |
Version: UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.necplatforms.co.jp/en/press/security_adv.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN12737530/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UNIVERGE Aspire series PBX",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:26.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.necplatforms.co.jp/en/press/security_adv.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN12737530/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UNIVERGE Aspire series PBX",
"version": {
"version_data": [
{
"version_value": "UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00"
}
]
}
}
]
},
"vendor_name": "NEC Platforms, Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/en/press/security_adv.html",
"refsource": "MISC",
"url": "https://www.necplatforms.co.jp/en/press/security_adv.html"
},
{
"name": "https://jvn.jp/en/jp/JVN12737530/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN12737530/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20677",
"datePublished": "2021-03-26T08:50:26.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20653 (GCVE-0-2021-20653)
Vulnerability from cvelistv5
Published
2021-02-17 02:05
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Platforms, Ltd. | Calsos CSDJ |
Version: CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87164507/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calsos CSDJ",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T02:05:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN87164507/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calsos CSDJ",
"version": {
"version_data": [
{
"version_value": "CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Platforms, Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-006.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-006.html"
},
{
"name": "https://jvn.jp/en/jp/JVN87164507/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN87164507/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20653",
"datePublished": "2021-02-17T02:05:29.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0613 (GCVE-0-2018-0613)
Vulnerability from cvelistv5
Published
2018-07-26 17:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Platforms, Ltd. | Calsos CSDX and CSDJ series products |
Version: CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calsos CSDX and CSDJ series products",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
}
],
"datePublic": "2018-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calsos CSDX and CSDJ series products",
"version": {
"version_data": [
{
"version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
}
}
]
},
"vendor_name": "NEC Platforms, Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
"refsource": "CONFIRM",
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0613",
"datePublished": "2018-07-26T17:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0614 (GCVE-0-2018-0614)
Vulnerability from cvelistv5
Published
2018-07-26 17:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Platforms, Ltd. | Calsos CSDX and CSDJ series products |
Version: CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calsos CSDX and CSDJ series products",
"vendor": "NEC Platforms, Ltd.",
"versions": [
{
"status": "affected",
"version": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
}
],
"datePublic": "2018-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calsos CSDX and CSDJ series products",
"version": {
"version_data": [
{
"version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
}
}
]
},
"vendor_name": "NEC Platforms, Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
"refsource": "CONFIRM",
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0614",
"datePublished": "2018-07-26T17:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}