| Title | ZSPACE Z4Pro+ v1.0.0440024 Command Injection |
|---|---|
| Description | A binary vulnerability exists in the ZSPACE Z4pro+ NAS device (Firmware v1.0.0440024), leading to Remote Command Execution (RCE). A remote attacker can send a specially crafted POST request to the /v2/file/safe/close interface to inject and execute arbitrary malicious commands on the remote target device. This allows the attacker to gain the highest ROOT privileges and completely control the victim's NAS device. |
| Source | https://github.com/LX-66-LX/cve/issues/3 |
| User | LX-66-LX (UID 92717) |
| Submission | 2025-12-12 07:14 AM (4 months ago) |
| Moderation | 2025-12-27 10:36 AM (15 days later) |
| Status | Accepted |
| VulDB Entry | 338511 [ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/close zfilev2_api_CloseSafe privilege escalation] |
| Points | 19 |