Cross-Site Scripting Vulnerability in Aterm series

Number: NV26-002
CVE: CVE-2026-6059

Overview

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface.

Products Affected

Aterm

Affected Version

WX1800HP: Versions prior to Ver. 3.2.2
WX5400HP: Versions prior to Ver. 2.1.0
WX7800T8: Versions prior to Ver. 1.5.1
WX11000T12: Versions prior to Ver. 1.4.0
WX3000HP2: Versions prior to Ver. 1.3.2
WX4200D5: Versions prior to Ver. 1.3.5
GX621A1: Versions prior to Ver. 3.2.2
SH621A1: Versions prior to Ver. 3.2.2
19000T12BE: Versions prior to Ver. 1.1.0

Solution

Please refer to the following support page and apply the update. (Only Japanese)
https://www.aterm.jp/support/tech/2026/0525.html

References

CVE-2026-6059
https://www.cve.org/CVERecord?id=CVE-2026-6059

Credit

reported by Cyber Defense Institute, Inc. Noriaki Iwasaki for NEC-PSIRT.

Update

2026/05/25: First edition

サイト内の現在位置