XSS in Nec Platforms, Ltd. Aterm 19000t12be

CVE-2026-6059

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.9th percentile) — read the EPSS interpretation.

Affected products

Nec Platforms, Ltd. Aterm 19000t12be — versions Before Ver. 1.1.0
Nec Platforms, Ltd. Aterm Gx621a1 — versions Before Ver. 3.2.2
Nec Platforms, Ltd. Aterm Sh621a1 — versions Before Ver. 3.2.2
Nec Platforms, Ltd. Aterm Wx11000t12 — versions Before Ver. 1.4.0
Nec Platforms, Ltd. Aterm Wx1800hp — versions Before Ver. 3.2.2
Nec Platforms, Ltd. Aterm Wx3000hp2 — versions Before Ver. 1.3.2
Nec Platforms, Ltd. Aterm Wx4200d5 — versions Before Ver. 1.3.5
Nec Platforms, Ltd. Aterm Wx5400hp — versions Before Ver. 2.1.0
Nec Platforms, Ltd. Aterm Wx7800t8 — versions Before Ver. 1.5.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt-info@cyber.jp.nec.com