RCE in Nec Platforms, Ltd. Aterm Gb1200pe

CVE-2026-4622

OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

Affected products

Nec Platforms, Ltd. Aterm Gb1200pe — versions Before Ver. 1.3.1
Nec Platforms, Ltd. Aterm Wf1200cr — versions Before Ver. 1.6.0
Nec Platforms, Ltd. Aterm Wg1200cr — versions Before Ver. 1.5.0
Nec Platforms, Ltd. Aterm Wg2600hm4 — versions Before Ver. 1.4.2
Nec Platforms, Ltd. Aterm Wg2600hp4 — versions Before Ver. 1.4.2
Nec Platforms, Ltd. Aterm Wg2600hs — versions Before Ver. 1.7.2
Nec Platforms, Ltd. Aterm Wg2600hs2 — versions Before Ver. 1.3.2
Nec Platforms, Ltd. Aterm Wx3000hp — versions Before Ver. 2.5.0
Nec Platforms, Ltd. Aterm Wx3000hp2 — versions Before Ver. 1.3.2

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

jpn.nec.com/security-info/secinfo/nv26-001_en.html