← Back to CVEs
CVE-2021-47816
HIGH8.8
Description
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published1/16/2026
Last Modified1/26/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-78
References
http://www.thecus.com/(disclosure@vulncheck.com)
http://www.thecus.com/product.php?PROD_ID=83(disclosure@vulncheck.com)
https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/49926(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.