CVE-2026-4621

Published Mar 27, 2026

Last updated 9 days ago

CVSS medium 6.3

Overview

Description
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
Source
psirt-info@cyber.jp.nec.com
NVD status
Analyzed
Products
aterm_wg1200hp4_firmware, aterm_wg2600hs_firmware, aterm_wf1200cr_firmware, aterm_wg1200cr_firmware, aterm_wg2600hp4_firmware, aterm_wg2600hm4_firmware, aterm_wg2600hs2_firmware, aterm_wx3000hp_firmware, aterm_wx3600hp_firmware, aterm_w1200ex-ms_firmware, aterm_wg1200hp2_firmware, aterm_wg1900hp_firmware, aterm_wg1200hs2_firmware, aterm_wg1800hp3_firmware, aterm_wg1200hp3_firmware, aterm_wg1900hp2_firmware, aterm_wg1200hs3_firmware, aterm_wg1800hp4_firmware, aterm_wg1200hs4_firmware, aterm_wx1500hp_firmware, aterm_wx3000hp2_firmware

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
5.6
Impact score
3.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

psirt-info@cyber.jp.nec.com
CWE-912

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.CVE-2026-4622
  2. OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.CVE-2026-4620
  3. Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network.CVE-2026-4619
  4. Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.CVE-2026-4309
  5. Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to get device informations via the internet.CVE-2024-28016

References

Sources include official advisories and independent security research.