OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Nec
  • Aterm Gb1200pe
  • Aterm Gb1200pe Firmware
  • Aterm Wf1200cr
  • Aterm Wf1200cr Firmware
  • Aterm Wg1200cr
  • Aterm Wg1200cr Firmware
  • Aterm Wg2600hm4
  • Aterm Wg2600hm4 Firmware
  • Aterm Wg2600hp4
  • Aterm Wg2600hp4 Firmware
  • Aterm Wg2600hs
  • Aterm Wg2600hs2
  • Aterm Wg2600hs2 Firmware
  • Aterm Wg2600hs Firmware
  • Aterm Wx3000hp
  • Aterm Wx3000hp2
  • Aterm Wx3000hp2 Firmware
  • Aterm Wx3000hp Firmware

Configuration 1 [-]

AND
cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:nec:aterm_wg2600hp4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp4:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:nec:aterm_wg2600hm4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hm4:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:nec:aterm_wg2600hs2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hs2:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:nec:aterm_wx3000hp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wx3000hp2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:nec:aterm_gb1200pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_gb1200pe:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://jpn.nec.com/security-info/secinfo/nv26-001_en.html cve-icon cve-icon
History

Mon, 20 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Nec aterm Gb1200pe
Nec aterm Gb1200pe Firmware
Nec aterm Wf1200cr Firmware
Nec aterm Wg1200cr Firmware
Nec aterm Wg2600hm4 Firmware
Nec aterm Wg2600hp4 Firmware
Nec aterm Wg2600hs2 Firmware
Nec aterm Wg2600hs Firmware
Nec aterm Wx3000hp2 Firmware
Nec aterm Wx3000hp Firmware
CPEs cpe:2.3:h:nec:aterm_gb1200pe:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hm4:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp4:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hs2:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wx3000hp2:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_gb1200pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hm4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hs2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wx3000hp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*
Vendors & Products Nec aterm Gb1200pe
Nec aterm Gb1200pe Firmware
Nec aterm Wf1200cr Firmware
Nec aterm Wg1200cr Firmware
Nec aterm Wg2600hm4 Firmware
Nec aterm Wg2600hp4 Firmware
Nec aterm Wg2600hs2 Firmware
Nec aterm Wg2600hs Firmware
Nec aterm Wx3000hp2 Firmware
Nec aterm Wx3000hp Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Nec
Nec aterm Wf1200cr
Nec aterm Wg1200cr
Nec aterm Wg2600hm4
Nec aterm Wg2600hp4
Nec aterm Wg2600hs
Nec aterm Wg2600hs2
Nec aterm Wx3000hp
Nec aterm Wx3000hp2
Vendors & Products Nec
Nec aterm Wf1200cr
Nec aterm Wg1200cr
Nec aterm Wg2600hm4
Nec aterm Wg2600hp4
Nec aterm Wg2600hs
Nec aterm Wg2600hs2
Nec aterm Wx3000hp
Nec aterm Wx3000hp2

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Network-Based OS Command Injection in NEC Aterm Series Routers

Fri, 27 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: NEC

Published: 2026-03-27T11:53:12.245Z

Updated: 2026-04-10T04:14:44.673Z

Reserved: 2026-03-23T06:04:49.866Z

Link: CVE-2026-4622

cve-icon Vulnrichment

Updated: 2026-03-27T12:52:57.280Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T12:16:21.133

Modified: 2026-04-20T15:22:41.390

Link: CVE-2026-4622

cve-icon Redhat

No data.