CVE-2026-4622 is a high-severity OS Command Injection vulnerability identified in NEC Platforms, Ltd.'s Aterm WG2600HS router series, affecting firmware versions prior to 1.7.2. The vulnerability arises due to improper neutralization of special characters in OS commands (CWE-78), allowing an attacker to inject and execute arbitrary operating system commands remotely via network access. The CVSS 4.0 vector indicates that exploitation requires network access (AV:N), high attack complexity (AC:H), no privileges required (PR:H indicates high privileges required, but the vector states PR:H, meaning privileges are required), no user interaction (UI:A means user interaction is required), and impacts confidentiality, integrity, and availability with high scope and impact metrics. The attack requires an authenticated user with high privileges and some user interaction, making exploitation more challenging but still feasible in targeted scenarios. No public exploits are known yet, but the vulnerability could allow attackers to compromise device control, intercept or manipulate network traffic, or disrupt network availability. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for vigilance and interim mitigations. This vulnerability is particularly critical in environments where these routers are used as gateways or in sensitive network segments.

The exploitation of CVE-2026-4622 can have severe consequences for organizations relying on NEC Aterm WG2600HS routers. Successful command injection can lead to full device compromise, allowing attackers to execute arbitrary commands with the privileges of the affected service. This can result in unauthorized access to network traffic, manipulation or disruption of network services, and potential lateral movement within the network. Confidentiality is at risk as attackers may intercept or exfiltrate sensitive data. Integrity can be compromised through unauthorized configuration changes or malware installation. Availability may be impacted by denial-of-service conditions caused by malicious commands. Given the router's role as a network gateway, the vulnerability could serve as a foothold for broader network intrusions. The requirement for authentication and user interaction limits mass exploitation but does not eliminate risk in targeted attacks, especially in environments with weak credential management or social engineering susceptibility.

Organizations should immediately verify the firmware version of NEC Aterm WG2600HS devices and plan to upgrade to version 1.7.2 or later once available. Until patches are released, implement strict network segmentation to isolate affected devices from critical infrastructure. Enforce strong authentication mechanisms and change default or weak credentials to reduce the risk of unauthorized access. Monitor device logs for unusual command execution or access patterns indicative of exploitation attempts. Disable remote management interfaces if not required, or restrict access to trusted IP addresses. Employ network intrusion detection systems (NIDS) with signatures tuned to detect command injection attempts. Educate users and administrators about the risks of social engineering that could facilitate user interaction required for exploitation. Regularly audit device configurations and access controls to ensure compliance with security best practices.