| Title | ZSPACE Z4Pro+ v1.0.0440024 Command Injection |
|---|---|
| Description | A binary vulnerability exists in the ZSPACE Z4Pro+ NAS device (Firmware v1.0.0440024), leading to Remote Command Execution (RCE). A remote attacker can send a specially crafted POST request to the /v2/file/safe/status interface to inject and execute arbitrary malicious commands on the remote target device. This allows the attacker to gain the highest ROOT privileges and completely control the victim's NAS device. |
| Source | https://github.com/LX-66-LX/cve/issues/1 |
| User | LX-66-LX (UID 92717) |
| Submission | 12/12/2025 06:51 (4 months ago) |
| Moderation | 27/12/2025 10:36 (15 days later) |
| Status | Accepted |
| VulDB entry | 338509 [ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/status zfilev2_api_SafeStatus Privilege Escalation] |
| Points | 20 |