← Retour aux CVEs
CVE-2021-47816
HIGH8.8
Description
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/16/2026
Derniere modification1/26/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-78
References
http://www.thecus.com/(disclosure@vulncheck.com)
http://www.thecus.com/product.php?PROD_ID=83(disclosure@vulncheck.com)
https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/49926(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.