Skip to main content

Aterm Wx1500Hp CVE-2026-4620

| EUVDEUVD-2026-16587 HIGH
OS Command Injection (CWE-78)
2026-03-27 NEC
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
A
Scope
X

Lifecycle Timeline

4
Re-analysis Queued
Apr 20, 2026 - 15:22 vuln.today
cvss_changed
EUVD ID Assigned
Mar 27, 2026 - 12:15 euvd
EUVD-2026-16587
Analysis Generated
Mar 27, 2026 - 12:15 vuln.today
CVE Published
Mar 27, 2026 - 11:53 nvd
HIGH 7.1

DescriptionCVE.org

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

AnalysisAI

OS command injection in NEC Platforms Aterm wireless router series (models WX1500HP and WX3600HP) permits authenticated network attackers with high privileges to execute arbitrary operating system commands on affected devices. The vulnerability requires user interaction and high attack complexity (CVSS 4.0 score 7.1), with no public exploit identified at time of analysis. NEC Platforms has published a security advisory detailing the issue.

Technical ContextAI

This vulnerability affects NEC Platforms Aterm wireless access point/router products, specifically the WX1500HP and WX3600HP models (confirmed via CPE cpe:2.3:a:nec_platforms,_ltd.:aterm_wx1500hp and cpe:2.3:a:nec_platforms,_ltd.:aterm_wx3600hp). The root cause is CWE-78 (OS Command Injection), a vulnerability class where unsanitized user input is passed to system shell commands. In enterprise networking equipment like these Aterm routers, command injection typically occurs through administrative web interfaces, CLI management, or configuration APIs where input validation fails to sanitize metacharacters before executing system-level operations. The CVSS 4.0 vector indicates network-based exploitation requiring high privileges (PR:H) and user interaction (UI:A), suggesting the vulnerability likely exists in privileged administrative functions rather than unauthenticated interfaces.

RemediationAI

Consult the official NEC Platforms security advisory at https://jpn.nec.com/security-info/secinfo/nv26-001_en.html for firmware updates and specific remediation guidance for Aterm WX1500HP and WX3600HP models. The vendor advisory should specify patched firmware versions and upgrade procedures. Until patching is completed, implement compensating controls including restricting administrative interface access to trusted management networks only (not exposed to general user networks or internet), enforcing strong authentication for administrative accounts with multi-factor authentication where supported, auditing administrative access logs for suspicious command execution patterns, and reviewing privileged user accounts to ensure principle of least privilege. Organizations unable to patch immediately should consider isolating affected devices on dedicated management VLANs with strict firewall rules limiting access to authorized administrators only.

Share

CVE-2026-4620 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy