| Titel | ZSPACE Z4Pro+ v1.0.0440024 Command Injection |
|---|
| Beschreibung | [cite_start]A binary vulnerability exists in the ZSPACE Z4pro+ NAS device (Firmware v1.0.0440024), leading to Remote Command Execution (RCE)[cite: 4, 10]. [cite_start]A remote attacker can send a specially crafted POST request to the /v2/file/safe/open interface to inject and execute arbitrary malicious commands on the remote target device[cite: 11]. [cite_start]This allows the attacker to gain the highest ROOT privileges and completely control the victim's NAS device[cite: 12]. |
|---|
| Quelle | ⚠️ https://github.com/LX-66-LX/cve/issues/2 |
|---|
| Benutzer | LX-66-LX (UID 92717) |
|---|
| Einreichung | 12.12.2025 07:06 (vor 4 Monaten) |
|---|
| Moderieren | 27.12.2025 10:36 (15 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 338510 [ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/open zfilev2_api_open erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|