CVE-2026-4621
Received
Received - Intake
Hidden Functionality in NEC Aterm Enables Unauthorized Telnet Access
Vulnerability report for CVE-2026-4621, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-27
Last updated on: 2026-04-20
Assigner: NEC Corporation
Description
Description
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nec | aterm_wg1200hp4_firmware | * |
| nec | aterm_wg2600hs_firmware | to 1.7.2 (exc) |
| nec | aterm_wf1200cr_firmware | to 1.6.0 (exc) |
| nec | aterm_wg1200cr_firmware | to 1.5.0 (exc) |
| nec | aterm_wg2600hp4_firmware | to 1.4.2 (exc) |
| nec | aterm_wg2600hm4_firmware | to 1.4.2 (exc) |
| nec | aterm_wg2600hs2_firmware | to 1.3.2 (exc) |
| nec | aterm_wx3000hp_firmware | to 2.5.0 (exc) |
| nec | aterm_wx3600hp_firmware | to 1.5.3 (inc) |
| nec | aterm_w1200ex-ms_firmware | * |
| nec | aterm_wg1200hp2_firmware | * |
| nec | aterm_wg1900hp_firmware | * |
| nec | aterm_wg1200hs2_firmware | * |
| nec | aterm_wg1800hp3_firmware | * |
| nec | aterm_wg1200hp3_firmware | * |
| nec | aterm_wg1900hp2_firmware | * |
| nec | aterm_wg1200hs3_firmware | * |
| nec | aterm_wg1800hp4_firmware | * |
| nec | aterm_wg1200hs4_firmware | * |
| nec | aterm_wx1500hp_firmware | to 1.4.2 (exc) |
| nec | aterm_wx3000hp2_firmware | to 1.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |