CVE-2025-0354

MEDIUM

NEC Aterm WG2600HS/WG2600HP4/WG2600HM4/WG2600HS2/WX3000HP/WX4200D5 - Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network.

References (1)

Core 1

Scores

CVSS v3 4.8
EPSS 0.0022
EPSS Percentile 12.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (6)
NEC Corporation/WG2600HM4 Ver.1.4.2 and earlier
NEC Corporation/WG2600HP4 Ver.1.4.2 and earlier
NEC Corporation/WG2600HS Ver.1.7.2 and earlier
NEC Corporation/WG2600HS2 Ver.1.3.2 and earlier
NEC Corporation/WX3000HP Ver.2.4.2 and earlier
NEC Corporation/WX4200D5 Ver.1.2.4 and earlier
Published Jan 15, 2025
Tracked Since Feb 18, 2026