Japan
サイト内の現在位置
OS Command Injection Vulnerability in Aterm series
Number: NV26-003
CVE: CVE-2026-8652
Overview
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands.
Products Affected
Aterm
Affected Version
MR51FN: Prior to Ver. 3.4.0
CM51FD: Prior to Ver. 1.2.0
Solution
Please refer to the following support page and apply the update. (Only Japanese)
MR51FN:
https://www.aterm.jp/support/tech/2026/0525.html
CM51FD:
https://www.aterm.jp/web/model/tech_cm51fd.html
References
CVE-2026-8652
https://www.cve.org/CVERecord?id=CVE-2026-8652
Credit
reported by Mitsui & Co. Secure Direction, Inc. Sou Katou for NEC-PSIRT.
Update
- 2026/05/25
-
First edition