CVE-2026-4621
Received
Received - Intake
Hidden Functionality in NEC Aterm Enables Unauthorized Telnet Access
Publication date: 2026-03-27
Last updated on: 2026-04-20
Assigner: NEC Corporation
Description
Description
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nec | aterm_wg1200hp4_firmware | * |
| nec | aterm_wg2600hs_firmware | to 1.7.2 (exc) |
| nec | aterm_wf1200cr_firmware | to 1.6.0 (exc) |
| nec | aterm_wg1200cr_firmware | to 1.5.0 (exc) |
| nec | aterm_wg2600hp4_firmware | to 1.4.2 (exc) |
| nec | aterm_wg2600hm4_firmware | to 1.4.2 (exc) |
| nec | aterm_wg2600hs2_firmware | to 1.3.2 (exc) |
| nec | aterm_wx3000hp_firmware | to 2.5.0 (exc) |
| nec | aterm_wx3600hp_firmware | to 1.5.3 (inc) |
| nec | aterm_w1200ex-ms_firmware | * |
| nec | aterm_wg1200hp2_firmware | * |
| nec | aterm_wg1900hp_firmware | * |
| nec | aterm_wg1200hs2_firmware | * |
| nec | aterm_wg1800hp3_firmware | * |
| nec | aterm_wg1200hp3_firmware | * |
| nec | aterm_wg1900hp2_firmware | * |
| nec | aterm_wg1200hs3_firmware | * |
| nec | aterm_wg1800hp4_firmware | * |
| nec | aterm_wg1200hs4_firmware | * |
| nec | aterm_wx1500hp_firmware | to 1.4.2 (exc) |
| nec | aterm_wx3000hp2_firmware | to 1.3.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Hidden Functionality issue found in NEC Platforms, Ltd. Aterm Series devices. It allows an attacker to enable the telnet service over the network without authorization.
How can this vulnerability impact me? :
By enabling telnet remotely, an attacker could potentially gain unauthorized access to the affected device. This could lead to further exploitation, unauthorized control, or data exposure depending on the device's configuration and network environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70