Kakeru Kajihara

**Name of the Vulnerable Software and Affected Versions** NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier NEC Corporation Aterm WG2600HP4 versions 1.4.2 and earlier NEC Corporation Aterm WG2600HM4 versions 1.4.2 and earlier NEC Corporation Aterm WG2600HS2 versions 1.3.2 and earlier NEC Corporation Aterm WX3000HP versions 2.4.2 and earlier NEC Corporation Aterm WX4200D5 versions 1.2.4 and earlier **Description** A cross-site scripting issue allows an attacker to inject an arbitrary script via the network. This can potentially lead to unauthorized actions on the affected system. **Recommendations** For NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier, update to a version later than 1.7.2 to resolve the issue. For NEC Corporation Aterm WG2600HP4 versions 1.4.2 and earlier, update to a version later than 1.4.2 to resolve the issue. For NEC Corporation Aterm WG2600HM4 versions 1.4.2 and earlier, update to a version later than 1.4.2 to resolve the issue. For NEC Corporation Aterm WG2600HS2 versions 1.3.2 and earlier, update to a version later than 1.3.2 to resolve the issue. For NEC Corporation Aterm WX3000HP versions 2.4.2 and earlier, update to a version later than 2.4.2 to resolve the issue. For NEC Corporation Aterm WX4200D5 versions 1.2.4 and earlier, update to a version later than 1.2.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier NEC Corporation Aterm WF1200CRS versions 1.6.0 and earlier NEC Corporation Aterm WG1200CRS versions 1.5.0 and earlier NEC Corporation Aterm GB1200PE versions 1.3.0 and earlier NEC Corporation Aterm WG2600HP4 versions 1.4.2 and earlier NEC Corporation Aterm WG2600HM4 versions 1.4.2 and earlier NEC Corporation Aterm WG2600HS2 versions 1.3.2 and earlier NEC Corporation Aterm WX3000HP versions 2.4.2 and earlier NEC Corporation Aterm WX4200D5 versions 1.2.4 and earlier **Description** The issue allows an attacker to obtain a Wi-Fi password via the network due to missing authentication for a critical function. **Recommendations** For NEC Corporation Aterm WG2600HS versions 1.7.2 and earlier, update to a version later than 1.7.2. For NEC Corporation Aterm WF1200CRS versions 1.6.0 and earlier, update to a version later than 1.6.0. For NEC Corporation Aterm WG1200CRS versions 1.5.0 and earlier, update to a version later than 1.5.0. For NEC Corporation Aterm GB1200PE versions 1.3.0 and earlier, update to a version later than 1.3.0. For NEC Corporation Aterm WG2600HP4 versions 1.4.2 and earlier, update to a version later than 1.4.2. For NEC Corporation Aterm WG2600HM4 versions 1.4.2 and earlier, update to a version later than 1.4.2. For NEC Corporation Aterm WG2600HS2 versions 1.3.2 and earlier, update to a version later than 1.3.2. For NEC Corporation Aterm WX3000HP versions 2.4.2 and earlier, update to a version later than 2.4.2. For NEC Corporation Aterm WX4200D5 versions 1.2.4 and earlier, update to a version later than 1.2.4.

**Name of the Vulnerable Software and Affected Versions** NEC Corporation Aterm WX1500HP versions 1.4.2 and earlier NEC Corporation Aterm WX3600HP versions 1.5.3 and earlier **Description** The issue allows an attacker to execute arbitrary OS commands via the network. This can be done through the internet, potentially affecting a wide range of devices. **Recommendations** For NEC Corporation Aterm WX1500HP versions 1.4.2 and earlier, update to a version later than 1.4.2 to resolve the issue. For NEC Corporation Aterm WX3600HP versions 1.5.3 and earlier, update to a version later than 1.5.3 to resolve the issue. As a temporary workaround, consider restricting network access to the devices until a patch is available.