Primary

Context

NEC Aterm OS Command Injection Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in the NEC Aterm product line. This vulnerability allows an attacker with administrative access to the device's web console to execute arbitrary operating system commands. The issue is present in the Aterm MR51FN model prior to version 3.4.0 and the CM51FD model prior to version 1.2.0.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands with the privileges of the affected device.

Remediation

Users are advised to update to the latest versions. For the MR51FN model, the update information is available on the Aterm support page. CM51FD users can refer to the Aterm CM51FD technical support page for update instructions.

Added: May 26, 2026, 8:16 PM

Updated: May 26, 2026, 8:16 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.0

remediation

0.0

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.0

remediation

0.0

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NEC Aterm OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

NEC Aterm MR51FN

NEC Aterm CM51FD

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating