CVE-2026-4622

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv26-001_en.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hm4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hm4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hs2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hs2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:nec:aterm_wx3000hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wx3000hp2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nec:aterm_gb1200pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_gb1200pe:-:*:*:*:*:*:*:*

History

20 Apr 2026, 15:22

Type	Values Removed	Values Added
CPE		cpe:2.3:h:nec:aterm_wf1200cr:-:::::::* cpe:2.3:o:nec:aterm_wx3000hp_firmware:::::::: cpe:2.3:o:nec:aterm_wg2600hs_firmware:::::::: cpe:2.3:o:nec:aterm_wx3000hp2_firmware:::::::: cpe:2.3:o:nec:aterm_wg2600hp4_firmware:::::::: cpe:2.3:h:nec:aterm_wg2600hp4:-:::::::* cpe:2.3:o:nec:aterm_wf1200cr_firmware:::::::: cpe:2.3:h:nec:aterm_wx3000hp2:-:::::::* cpe:2.3:h:nec:aterm_wg2600hs:-:::::::* cpe:2.3:h:nec:aterm_wx3000hp:-:::::::* cpe:2.3:h:nec:aterm_wg2600hs2:-:::::::* cpe:2.3:o:nec:aterm_wg2600hs2_firmware:::::::: cpe:2.3:o:nec:aterm_wg1200cr_firmware:::::::: cpe:2.3:h:nec:aterm_wg1200cr:-:::::::* cpe:2.3:o:nec:aterm_wg2600hm4_firmware:::::::: cpe:2.3:o:nec:aterm_gb1200pe_firmware:::::::: cpe:2.3:h:nec:aterm_wg2600hm4:-:::::::* cpe:2.3:h:nec:aterm_gb1200pe:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://jpn.nec.com/security-info/secinfo/nv26-001_en.html -~~	() https://jpn.nec.com/security-info/secinfo/nv26-001_en.html - Vendor Advisory
First Time		Nec aterm Wg2600hm4 Firmware Nec aterm Wx3000hp2 Nec aterm Gb1200pe Firmware Nec aterm Wx3000hp Firmware Nec aterm Wg2600hp4 Nec aterm Wf1200cr Firmware Nec aterm Wg2600hs Nec Nec aterm Wg1200cr Nec aterm Wg2600hs Firmware Nec aterm Wg2600hs2 Nec aterm Wg2600hs2 Firmware Nec aterm Wx3000hp2 Firmware Nec aterm Wx3000hp Nec aterm Wg2600hp4 Firmware Nec aterm Gb1200pe Nec aterm Wf1200cr Nec aterm Wg2600hm4 Nec aterm Wg1200cr Firmware

27 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-27 12:16

Updated : 2026-04-20 15:22

NVD link : CVE-2026-4622

Mitre link : CVE-2026-4622

CVE.ORG link : CVE-2026-4622

JSON object : View

Products Affected

nec

aterm_wg2600hs
aterm_wf1200cr_firmware
aterm_wg2600hp4
aterm_wg2600hs2_firmware
aterm_gb1200pe_firmware
aterm_wg1200cr_firmware
aterm_wx3000hp_firmware
aterm_wg2600hm4
aterm_wx3000hp2
aterm_wx3000hp
aterm_wg2600hs2
aterm_gb1200pe
aterm_wx3000hp2_firmware
aterm_wg2600hp4_firmware
aterm_wg1200cr
aterm_wg2600hm4_firmware
aterm_wg2600hs_firmware
aterm_wf1200cr

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10