CVE-2026-8652 describes an OS Command Injection vulnerability in Aterm, a product line associated with NEC. The vulnerability requires an attacker to first gain administrator access to the product's web console, after which arbitrary OS commands can be executed via adjacent network access. The CVSS 4.0 vector indicates an Adjacent Network attack vector (AV:A), Low attack complexity (AC:L), High privileges re [truncated]
A cross-site scripting (XSS) vulnerability in Aterm allows arbitrary script execution in the web browser of users accessing the web management interface. The attack requires adjacent network access and user interaction. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS 4.0 vector indicates an adjacent network attack vector, low attack complexity [truncated]