CVE-2026-8652

Summary

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network.

Affected Software

VendorProductVersion RangeStatus
NEC Platforms, Ltd.Aterm MR51FNBefore Ver. 3.4.0affected
NEC Platforms, Ltd.Aterm CM51FDBefore Ver. 1.2.0affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References