CVE-2025-0354
MEDIUMNEC Aterm WG2600HS/WG2600HP4/WG2600HM4/WG2600HS2/WX3000HP/WX4200D5 - Cross-Site Scripting
Title source: llmDescription
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network.
References (1)
Core 1
Core References
Various Sources
https://jpn.nec.com/security-info/secinfo/nv25-003_en.html
Scores
CVSS v3
4.8
EPSS
0.0022
EPSS Percentile
12.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (6)
NEC Corporation/WG2600HM4
Ver.1.4.2 and earlier
NEC Corporation/WG2600HP4
Ver.1.4.2 and earlier
NEC Corporation/WG2600HS
Ver.1.7.2 and earlier
NEC Corporation/WG2600HS2
Ver.1.3.2 and earlier
NEC Corporation/WX3000HP
Ver.2.4.2 and earlier
NEC Corporation/WX4200D5
Ver.1.2.4 and earlier
Published
Jan 15, 2025
Tracked Since
Feb 18, 2026