Auth bypass in Nec Platforms, Ltd. Aterm Gb1200pe

CVE-2026-4309

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

Vulnerability class: Broken Access Control

EPSS: 0.000 (13.1th percentile) — read the EPSS interpretation.

Affected products

Nec Platforms, Ltd. Aterm Gb1200pe — versions Before Ver. 1.3.1
Nec Platforms, Ltd. Aterm Gx1200hp — versions All versions
Nec Platforms, Ltd. Aterm Gx1200hs4 — versions All versions
Nec Platforms, Ltd. Aterm W1200ex(-ms) — versions All versions
Nec Platforms, Ltd. Aterm Wf1200cr — versions Before Ver. 1.6.0
Nec Platforms, Ltd. Aterm Wg1200cr — versions Before Ver. 1.5.0
Nec Platforms, Ltd. Aterm Wg1200dm4 — versions All versions
Nec Platforms, Ltd. Aterm Wg1200hp2 — versions All versions
Nec Platforms, Ltd. Aterm Wg1200hp3 — versions All versions
Nec Platforms, Ltd. Aterm Wg1200hp4 — versions All versions

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

jpn.nec.com/security-info/secinfo/nv26-001_en.html