CVE-2026-8652_CVE-2026-8652

8.5 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjacent network.

AI Analysis

OS Command Injection vulnerability allowing arbitrary command execution via adjacent network

Basic Information

ID CVE-2026-8652

Source NEC

Published May 25, 2026 at 02:23

Modified May 25, 2026 at 02:40

Affected Product

Vendor NEC Platforms, Ltd.

Product Aterm MR51FN

Version Before Ver. 3.4.0

Affected Versions NEC Platforms, Ltd. Aterm MR51FN Before Ver. 3.4.0
NEC Platforms, Ltd. Aterm CM51FD Before Ver. 1.2.0

CWE Classification

CWE-78

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor NEC Platforms, Ltd.

Product Aterm

Version Before Ver. 3.4.0, Before Ver. 1.2.0

References

jpn.nec.com /security-info/secinfo/nv26-003_en.html

{
    "lastseen": "",
    "description": "An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product\u2019s web console, they may be able to execute arbitrary OS commands via adjacent network.",
    "published": "2026-05-25T02:23:26.442Z",
    "modified": "2026-05-25T02:40:41.776Z",
    "type": "cve",
    "title": "CVE-2026-8652",
    "source": "NEC",
    "references": "https://jpn.nec.com/security-info/secinfo/nv26-003_en.html",
    "id": "CVE-2026-8652",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "NEC Platforms, Ltd. Aterm MR51FN Before Ver. 3.4.0\nNEC Platforms, Ltd. Aterm CM51FD Before Ver. 1.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aterm MR51FN",
    "version": "Before Ver. 3.4.0",
    "vendor": "NEC Platforms, Ltd.",
    "ai_description": "OS Command Injection vulnerability allowing arbitrary command execution via adjacent network",
    "ai_severity": "High",
    "ai_vendor": "NEC Platforms, Ltd.",
    "ai_product": "Aterm",
    "ai_version": "Before Ver. 3.4.0, Before Ver. 1.2.0",
    "ai_score": 8.5
}