{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4622", "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "state": "PUBLISHED", "assignerShortName": "NEC", "dateReserved": "2026-03-23T06:04:49.866Z", "datePublished": "2026-03-27T11:53:12.245Z", "dateUpdated": "2026-04-10T04:14:44.673Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC", "dateUpdated": "2026-04-10T04:14:44.673Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "affected": [{"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS", "versions": [{"status": "affected", "version": "Before Ver. 1.7.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WF1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.6.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HP4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HM4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS2", "versions": [{"status": "affected", "version": "Before Ver. 1.3.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3000HP", "versions": [{"status": "affected", "version": "Before Ver. 2.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3000HP2", "versions": [{"status": "affected", "version": "Before Ver. 1.3.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm GB1200PE", "versions": [{"status": "affected", "version": "Before Ver. 1.3.1"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."}]}], "references": [{"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Chuya Hayakawa of Zero Zero One Co., Ltd.", "user": "00000000-0000-4000-9000-000000000000", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T12:50:35.148912Z", "id": "CVE-2026-4622", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T12:53:16.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T12:50:35.148912Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T12:52:57.280Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Chuya Hayakawa of Zero Zero One Co., Ltd."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS", "versions": [{"status": "affected", "version": "Before Ver. 1.7.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WF1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.6.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG1200CR", "versions": [{"status": "affected", "version": "Before Ver. 1.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HP4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HM4", "versions": [{"status": "affected", "version": "Before Ver. 1.4.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WG2600HS2", "versions": [{"status": "affected", "version": "Before Ver. 1.3.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3000HP", "versions": [{"status": "affected", "version": "Before Ver. 2.5.0"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm WX3000HP2", "versions": [{"status": "affected", "version": "Before Ver. 1.3.2"}], "defaultStatus": "unknown"}, {"vendor": "NEC Platforms, Ltd.", "product": "Aterm GB1200PE", "versions": [{"status": "affected", "version": "Before Ver. 1.3.1"}], "defaultStatus": "unknown"}], "references": [{"url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.", "supportingMedia": [{"type": "text/html", "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC", "dateUpdated": "2026-04-10T04:14:44.673Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4622", "state": "PUBLISHED", "dateUpdated": "2026-04-10T04:14:44.673Z", "dateReserved": "2026-03-23T06:04:49.866Z", "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "datePublished": "2026-03-27T11:53:12.245Z", "assignerShortName": "NEC"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9BC68AC-B83D-4E0B-9B8D-23477CE698B5", "versionEndExcluding": "1.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*", "matchCriteriaId": "623C9C7B-C947-49A8-9C1D-20B23FDA73ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8EF43A-B179-4352-A9C9-09A13AEB63AC", "versionEndExcluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A91D9EB-5962-498E-9B14-C5712DDDF7C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1BD83BE-3C42-417E-838F-A5D6FB63443F", "versionEndExcluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*", "matchCriteriaId": "936D9DD3-11E5-4862-B157-85B13EA06C38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2600hp4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E67DF3D-78B9-4B64-B3D1-B3A0B9951B83", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2600hp4:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CA71E45-3623-423D-A1E7-FA7617A22EBD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2600hm4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8631153A-E9AE-4288-B1BD-B035CF51063C", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2600hm4:-:*:*:*:*:*:*:*", "matchCriteriaId": "20D6198A-B5F8-4E5E-94AE-0C657EBAB137", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2600hs2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D92216-F37F-49DE-978E-CB9A657D3FE7", "versionEndExcluding": "1.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2600hs2:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA952A10-D2C7-4155-B805-B5DE9CFA5B96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wx3000hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4C5E53E-B37C-4FA6-BE0E-F78C168A7E8C", "versionEndExcluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wx3000hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F34C11C-91C8-4DE6-B170-06C857E9E3F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wx3000hp2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC5AF3B6-76AD-4E18-8427-61D0D8260AD1", "versionEndExcluding": "1.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wx3000hp2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2D80835-26A0-48E9-AF95-76F06ADB21EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_gb1200pe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F0841F4-A7CA-4B68-926E-8E8E551A18E4", "versionEndExcluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_gb1200pe:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBE99726-A097-42CF-9AA6-67AF2CBA2509", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."}], "id": "CVE-2026-4622", "lastModified": "2026-04-20T15:22:41.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary"}]}, "published": "2026-03-27T12:16:21.133", "references": [{"source": "psirt-info@cyber.jp.nec.com", "tags": ["Vendor Advisory"], "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Aterm WF1200CR", "source": "cna", "vendor": "NEC Platforms, Ltd."}, "product": "aterm_wf1200cr", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Aterm WG1200CR", "source": "cna", "vendor": "NEC Platforms, Ltd."}, "product": "aterm_wg1200cr", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Aterm WG2600HM4", "source": "cna", "vendor": "NEC Platforms, Ltd."}, "product": "aterm_wg2600hm4", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Aterm WG2600HP4", "source": "cna", "vendor": "NEC Platforms, Ltd."}, "product": "aterm_wg2600hp4", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Aterm WG2600HS", "source": "cna", "vendor": "NEC Platforms, Ltd."}, "product": "aterm_wg2600hs", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Aterm WG2600HS2", "source": "cna", "vendor": "NEC Platforms, Ltd."}, "product": "aterm_wg2600hs2", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "aterm_wx3000hp", "vendor": "nec"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "aterm_wx3000hp2", "vendor": "nec"}], "analysis": {"en": {"generated_at": "2026-03-27T13:21:30.237523+00:00", "value": {"mitigation_remediation": ["Download and install the latest firmware update from NEC\u2019s security portal.", "Verify that the update contains a fix for the command injection flaw before deployment.", "If a firmware update is unavailable, disable remote management interfaces unless required for business operations.", "Ensure that all administrative credentials are unique, strong, and changed regularly.", "Regularly monitor device logs for evidence of unauthorized command execution."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Execution"}, "threat_synthesis": {"affected_systems": "The security issue affects NEC Platforms, Ltd. Aterm networking devices, including the WF1200CR, WG1200CR, WG2600HM4, WG2600HP4, WG2600HS, WG2600HS2, WX3000HP, and WX3000HP2 models. No specific firmware or hardware version details are listed in the advisory, so any device after the initial release may be at risk until a vendor update is applied.", "description_and_impact": "An OS Command Injection flaw permits an attacker to run arbitrary operating\u2011system commands on NEC\u2019s Aterm series devices through a network interface. The vulnerability is a classic command injection (CWE\u201178) that can be leveraged to compromise confidentiality, integrity, and availability of the affected devices, potentially giving attackers full administrative control over the network equipment.", "risk_and_exploitability": "The CVSS score of 7.1 underscores a high severity, and the exploit is network\u2011based, meaning an attacker only needs connectivity to the device\u2019s management or configuration interface. While the EPSS score is not available and the vulnerability is not in CISA's KEV catalog, the potential impact warrants prompt remediation. The advisory does not detail an exploit in the wild, but the known vector and high score suggest the issue should be treated as credible."}}}}, "created": "2026-03-27T15:47:02.929144+00:00", "title": "Network-Based OS Command Injection in NEC Aterm Series Routers", "updated": "2026-03-30T07:59:43.208791+00:00", "vendors": ["nec", "nec$PRODUCT$aterm_wf1200cr", "nec$PRODUCT$aterm_wg1200cr", "nec$PRODUCT$aterm_wg2600hm4", "nec$PRODUCT$aterm_wg2600hp4", "nec$PRODUCT$aterm_wg2600hs", "nec$PRODUCT$aterm_wg2600hs2", "nec$PRODUCT$aterm_wx3000hp", "nec$PRODUCT$aterm_wx3000hp2"]}