PatchSiren

CVE-2026-8652 NEC Platforms, Ltd. CVE debrief

CVE-2026-8652 describes an OS Command Injection vulnerability in Aterm, a product line associated with NEC. An attacker must first gain administrator access to the product's web console; from there, arbitrary OS commands can be executed over adjacent network access. The CVSS 4.0 vector indicates an Adjacent Network attack vector (AV:A), Low attack complexity (AC:L), High privileges required (PR:H), and High impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). The vulnerability is classified as CWE-78 (OS Command Injection). NEC has published a security advisory for this issue. The CVE was published on May 25, 2026 and modified on May 26, 2026. No known exploitation in the wild or ransomware campaign use has been reported, and the vulnerability is not listed in CISA KEV.

Vendor: NEC Platforms, Ltd.
Product: Aterm MR51FN
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-25
Original CVE updated: 2026-05-26
Advisory published: 2026-05-25
Advisory updated: 2026-05-26

Who should care

Organizations deploying NEC Aterm routers or access points for broadband connectivity; network administrators responsible for edge network equipment; security teams monitoring for command injection vulnerabilities in network infrastructure.

Technical summary

The vulnerability exists in the web console of NEC Aterm devices. An attacker with administrator credentials can inject and execute arbitrary operating system commands. The attack requires adjacent network access, meaning the attacker must be on the same network segment as the target device. The high privilege requirement (administrator access) significantly reduces the attack surface but does not eliminate the risk, particularly where credentials are compromised or default credentials remain unchanged.

Defensive priority

HIGH

Recommended defensive actions

  • Restrict administrative access to the Aterm web console to trusted hosts only
  • Implement network segmentation to limit adjacent network access to management interfaces
  • Monitor for unauthorized authentication attempts to the web console
  • Apply firmware updates from NEC when available
  • Review and disable unnecessary administrative features

Evidence notes

Vendor identification is derived from reference domain analysis of the NEC PSIRT advisory URL. Product 'Aterm' is an NEC broadband router/access point product line. The CVSS 4.0 vector confirms adjacent network scope with high privilege requirements.

Official resources

NEC published security advisory nv26-003 on May 25, 2026. The vulnerability was disclosed through coordinated disclosure via NEC's PSIRT.