CVE-2026-4621
Received Received - Intake

Hidden Functionality in NEC Aterm Enables Unauthorized Telnet Access

Vulnerability report for CVE-2026-4621, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-27

Last updated on: 2026-04-20

Assigner: NEC Corporation

Description

Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-27
Last Modified
2026-04-20
Generated
2026-07-06
AI Q&A
2026-03-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 21 associated CPEs
Vendor Product Version / Range
nec aterm_wg1200hp4_firmware *
nec aterm_wg2600hs_firmware to 1.7.2 (exc)
nec aterm_wf1200cr_firmware to 1.6.0 (exc)
nec aterm_wg1200cr_firmware to 1.5.0 (exc)
nec aterm_wg2600hp4_firmware to 1.4.2 (exc)
nec aterm_wg2600hm4_firmware to 1.4.2 (exc)
nec aterm_wg2600hs2_firmware to 1.3.2 (exc)
nec aterm_wx3000hp_firmware to 2.5.0 (exc)
nec aterm_wx3600hp_firmware to 1.5.3 (inc)
nec aterm_w1200ex-ms_firmware *
nec aterm_wg1200hp2_firmware *
nec aterm_wg1900hp_firmware *
nec aterm_wg1200hs2_firmware *
nec aterm_wg1800hp3_firmware *
nec aterm_wg1200hp3_firmware *
nec aterm_wg1900hp2_firmware *
nec aterm_wg1200hs3_firmware *
nec aterm_wg1800hp4_firmware *
nec aterm_wg1200hs4_firmware *
nec aterm_wx1500hp_firmware to 1.4.2 (exc)
nec aterm_wx3000hp2_firmware to 1.3.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Hidden Functionality issue found in NEC Platforms, Ltd. Aterm Series devices. It allows an attacker to enable the telnet service over the network without authorization.

Impact Analysis

By enabling telnet remotely, an attacker could potentially gain unauthorized access to the affected device. This could lead to further exploitation, unauthorized control, or data exposure depending on the device's configuration and network environment.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4621. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart