CVE-2026-4622

Summary

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

Affected Software

VendorProductVersion RangeStatus
NEC Platforms, Ltd.Aterm WG2600HSBefore Ver. 1.7.2affected
NEC Platforms, Ltd.Aterm WF1200CRBefore Ver. 1.6.0affected
NEC Platforms, Ltd.Aterm WG1200CRBefore Ver. 1.5.0affected
NEC Platforms, Ltd.Aterm WG2600HP4Before Ver. 1.4.2affected
NEC Platforms, Ltd.Aterm WG2600HM4Before Ver. 1.4.2affected
NEC Platforms, Ltd.Aterm WG2600HS2Before Ver. 1.3.2affected
NEC Platforms, Ltd.Aterm WX3000HPBefore Ver. 2.5.0affected
NEC Platforms, Ltd.Aterm WX3000HP2Before Ver. 1.3.2affected
NEC Platforms, Ltd.Aterm GB1200PEBefore Ver. 1.3.1affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References