CVE-2026-8652 | THREATINT

Description

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-25 | Updated 2026-05-25 | Assigner NEC

HIGH: 8.5CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unknown

Before Ver. 3.4.0

affected

Default status

unknown

Before Ver. 1.2.0

affected

Credits

Sou Katou of Mitsui & Co. Secure Direction, Inc. reporter

References

jpn.nec.com/security-info/secinfo/nv26-003_en.html

cve.org (CVE-2026-8652)

nvd.nist.gov (CVE-2026-8652)

Download JSON