
CVE-2026-4619: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in NEC Platforms, Ltd. Aterm WX3600HP

Severity: Medium
Published: Fri Mar 27 2026 (03/27/2026, 11:46:54 UTC)
Source: CVE Database V5
Vendor/Project: NEC Platforms, Ltd.
Product: Aterm WX3600HP

Description

CVE-2026-4619 is a path traversal vulnerability affecting NEC Platforms, Ltd.'s Aterm WX3600HP router series before version 1.5.3. The flaw allows an attacker with high privileges to write arbitrary files over the network by bypassing pathname restrictions. Exploitation requires network access and high authentication privileges, with no user interaction needed. The vulnerability impacts confidentiality, integrity, and availability by enabling unauthorized file modification. Although no exploits are currently known in the wild, the risk remains significant for affected devices. The CVSS 4.0 score rates this vulnerability as medium severity, reflecting the complexity of exploitation and the privileges required.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/27/2026, 12:14:52 UTC

Technical Analysis

CVE-2026-4619 is a path traversal vulnerability classified under CWE-22, found in NEC Platforms, Ltd.'s Aterm WX3600HP router series prior to version 1.5.3. The vulnerability arises from improper limitation of pathname inputs, allowing an attacker to traverse directories and write arbitrary files on the device via network requests. This can lead to overwriting critical system files or configuration data, potentially enabling persistent compromise or denial of service. Exploitation requires the attacker to have high-level privileges (PR:H) and network access (AV:N), but does not require user interaction (UI:N). The vulnerability impacts confidentiality, integrity, and availability, with high impact on integrity and availability and low impact on confidentiality. The CVSS 4.0 vector indicates high attack complexity (AC:H), no additional attack requirements (AT:N), and no confidentiality impact on subsequent systems (SC:N). No public exploits are known at this time, but the nature of the vulnerability makes it a serious concern for affected organizations. Until the patched firmware is applied, mitigation efforts are needed to reduce exposure. This vulnerability is particularly relevant for environments relying on NEC's Aterm WX3600HP routers, commonly deployed in enterprise and service provider networks.

Potential Impact

The path traversal vulnerability allows attackers with high privileges to overwrite arbitrary files on the affected router, which can lead to several severe consequences. These include unauthorized modification or deletion of system and configuration files, potentially resulting in device malfunction, denial of service, or persistent backdoor installation. The integrity of the device is directly compromised, and availability may be disrupted if critical files are corrupted. Confidentiality impact is lower but still possible if attackers modify files to capture or redirect sensitive data. Organizations relying on these routers for network infrastructure risk operational disruption and potential lateral movement by attackers within their networks. The medium CVSS score reflects the requirement for high privileges and attack complexity, but the potential damage to network infrastructure is significant. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially if attackers develop exploit code.

Mitigation Recommendations

1. Upgrade the Aterm WX3600HP firmware to version 1.5.3 or later once available to apply the official patch addressing the path traversal vulnerability.
2. Restrict network access to the router's management interfaces using network segmentation, firewall rules, and VPNs to limit exposure to trusted administrators only.
3. Enforce strong authentication mechanisms, including complex passwords and multi-factor authentication, to reduce the risk of unauthorized high-privilege access.
4. Monitor router logs and file integrity regularly to detect unusual file modifications or access patterns indicative of exploitation attempts.
5. Disable unnecessary services and interfaces on the router to minimize the attack surface.
6. Implement network intrusion detection systems (NIDS) with signatures or heuristics capable of identifying path traversal attempts.
7. If patching is delayed, consider temporary compensating controls such as access control lists (ACLs) and strict administrative access policies.
8. Educate network administrators about the vulnerability and encourage vigilance for suspicious activity related to router management.


Technical Details

Data Version: 5.2
Assigner Short Name: NEC
Date Reserved: 2026-03-23T06:04:46.181Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69c671313c064ed76fa3fd88

Added to database: 3/27/2026, 11:59:45 AM

Last enriched: 3/27/2026, 12:14:52 PM

Last updated: 3/27/2026, 1:10:09 PM
