| Название | ZSPACE Z4Pro+ v1.0.0440024 Command Injection |
|---|
| Описание | A binary vulnerability exists in the ZSPACE Z4pro+ NAS device (Firmware v1.0.0440024), leading to Remote Command Execution (RCE). A remote attacker can send a specially crafted POST request to the /v2/file/safe/close interface to inject and execute arbitrary malicious commands on the remote target device. This allows the attacker to gain the highest ROOT privileges and completely control the victim's NAS device. |
|---|
| Источник | ⚠️ https://github.com/LX-66-LX/cve/issues/3 |
|---|
| Пользователь | LX-66-LX (UID 92717) |
|---|
| Представление | 12.12.2025 07:14 (4 месяцы назад) |
|---|
| Модерация | 27.12.2025 10:36 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 338511 [ZSPACE Z4Pro+ 1.0.0440024 HTTP POST Request /v2/file/safe/close zfilev2_api_CloseSafe эскалация привилегий] |
|---|
| Баллы | 19 |
|---|