HIGHCVE-2026-8652Published 2026-05-25Modified 2026-05-26CNA NEC

CVE-2026-8652: An OS Command Injection vulnerability exists in Aterm

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network.

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

NEC Platforms, Ltd. / Aterm MR51FN
Before Ver. 3.4.0
NEC Platforms, Ltd. / Aterm CM51FD
Before Ver. 1.2.0

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

jpn.nec.com

Metrics