Cyber Posture

CVE-2026-4622

Critical

Published: 27 March 2026
Modified: 20 April 2026
KEV Added: (none listed)
Patch: (no details listed)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands over the network.

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 Flaw Remediation
Directly mitigates CVE-2026-4622 by requiring timely installation of vendor patches that remediate the OS command injection flaw.

Prevent: SI-10 Information Input Validation
Prevents exploitation of the command injection vulnerability by validating and sanitizing untrusted network input so that OS command payloads are rejected before they reach a command interpreter.

Prevent: SC-7 Boundary Protection
Boundary protection mechanisms such as firewalls restrict network access to the vulnerable service on the Aterm device, reducing exposure to unauthenticated remote attackers.
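The input-validation control above is easiest to judge against the code pattern that produces CWE-78 in embedded web handlers. The following is an added example written for this page; it is not NEC's code and nothing in it is taken from the Aterm firmware. The diagnostic "ping" handler, the "host" parameter and every function name are hypothetical. It shows the vulnerable construction (untrusted input spliced into a shell command line), an allowlist validator, and a hardened handler that validates and then executes without any shell at all.

```c
/* Added example, not code from NEC or the Aterm firmware. Demonstrates the
 * CWE-78 pattern and a hardened form. Hypothetical: the "ping" diagnostic
 * handler, the "host" parameter, and all function names below. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: the untrusted parameter is pasted into a shell command
 * line, so shell metacharacters (; | & ` $( ) > ) are interpreted by /bin/sh.
 * Returns the exact string that system(3) would hand to the shell. */
const char *build_ping_cmdline_vulnerable(const char *host, char *out, size_t n) {
    snprintf(out, n, "ping -c 1 %s", host);
    return out;
}

int ping_host_vulnerable(const char *host) {
    char cmd[512];
    build_ping_cmdline_vulnerable(host, cmd, sizeof cmd);
    /* host = "127.0.0.1; cat /etc/passwd" runs both commands as the web
     * server's user, which on many consumer routers is root. */
    return system(cmd);
}

/* Demonstration helper: does the vulnerable builder pass the attacker's
 * payload through unchanged into the command line? */
int cmdline_keeps_payload(const char *host, const char *needle) {
    char buf[512];
    return strstr(build_ping_cmdline_vulnerable(host, buf, sizeof buf), needle) != NULL;
}

/* Allowlist validation (the SI-10 control): accept only hostname/IPv4
 * characters with a bounded length. A leading '-' is rejected as well, so
 * the value cannot be parsed as a ping option even once the shell is gone. */
int is_valid_host(const char *s) {
    size_t len = s ? strlen(s) : 0;
    if (len == 0 || len > 253) return 0;
    if (s[0] == '-' || s[0] == '.' || s[len - 1] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Run a program with an explicit argv and no shell: each argument reaches
 * the kernel verbatim, so no metacharacter is ever interpreted.
 * Returns the child's exit status, or -1 on fork/exec/wait failure. */
int run_without_shell(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hardened handler: validate first, then exec without a shell.
 * Returns -1 and executes nothing when the input fails validation. */
int ping_host_hardened(const char *host) {
    if (!is_valid_host(host)) return -1;
    char hostbuf[254];                    /* is_valid_host bounds len <= 253 */
    strncpy(hostbuf, host, sizeof hostbuf);
    hostbuf[sizeof hostbuf - 1] = '\0';
    char *const argv[] = { "ping", "-c", "1", hostbuf, NULL };
    return run_without_shell(argv);
}

int main(void) {
    char buf[512];
    const char *payload = "127.0.0.1; cat /etc/passwd";   /* constructed sample input */
    printf("vulnerable builder hands the shell: %s\n",
           build_ping_cmdline_vulnerable(payload, buf, sizeof buf));
    printf("hardened handler result for same input: %d (rejected, nothing run)\n",
           ping_host_hardened(payload));
    return 0;
}
```

Two design points worth noting. Removing the shell is what structurally closes the injection: with execvp the string "127.0.0.1; cat /etc/passwd" is just one odd hostname argument, never two commands. The allowlist is still kept because argument injection survives shell removal (a value such as "-f" would be read as a ping flag), and because a blocklist of metacharacters is the wrong shape for this check: it is the attacker, not the defender, who gets to choose the encoding.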

Security Summary

CVE-2026-4622 is an OS Command Injection vulnerability (CWE-78) in NEC Platforms, Ltd. Aterm Series products. Published on 2026-03-27, it enables an attacker to execute arbitrary OS commands via network access. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.

The vulnerability can be exploited by any unauthenticated remote attacker with network connectivity to the affected device, requiring low complexity and no user interaction. Successful exploitation allows arbitrary command execution on the underlying operating system, compromising confidentiality, integrity, and availability with high impact.

Mitigation guidance is available in the vendor advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html.

Details

CWE(s): CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products (vendor: nec)

aterm wg2600hs firmware: ≤ 1.7.2
aterm wf1200cr firmware: ≤ 1.6.0
aterm wg1200cr firmware: ≤ 1.5.0
aterm wg2600hp4 firmware: ≤ 1.4.2
aterm wg2600hm4 firmware: ≤ 1.4.2
aterm wg2600hs2 firmware: ≤ 1.3.2
aterm wx3000hp firmware: ≤ 2.5.0
aterm wx3000hp2 firmware: ≤ 1.3.2
aterm gb1200pe firmware: ≤ 1.3.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Unauthenticated remote OS command injection in a network-facing device directly enables T1190 (Exploit Public-Facing Application) and facilitates arbitrary command execution via T1059.004 (Unix Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References