OS Command Injection in NEC Platforms Aterm Series
CVE-2026-4620

7.1HIGH

Key Information:

Vendor: Nec Platforms, Ltd.
Status: Aterm Wx1500HP; Aterm Wx3600HP
Vendor: CVE Published:; 27 March 2026

🔔 Create Nec Platforms, Ltd. Vulnerability Alert

What is CVE-2026-4620?

An OS Command Injection vulnerability exists in the NEC Platforms Aterm Series, enabling attackers to execute arbitrary operating system commands through network interfaces. This flaw poses significant risks, as it can allow malicious users to gain unauthorized access and control over affected devices. Users of the Aterm Series are encouraged to review the security guidance provided by NEC to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Aterm WX1500HP Before Ver. 1.4.2

Aterm WX3600HP Before Ver. 1.4.2

References

https://jpn.nec.com/security-info/secinfo/nv26-001_en.html

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Zero Zero One Co., Ltd.

CVE-2026-4620 Data

JSON