CVE-2008-0804

Thecus N5200Pro NAS Server Control Panel - Remote Code Execution via usrgetform.html name Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0804. PoCs published by Crackers_Child.

AI-analyzed exploit summary This exploit targets a remote file include vulnerability in Thecus N5200Pro NAS Server Control Panel via the 'name' parameter in usrgetform.html. The vulnerability allows an attacker to include arbitrary files, potentially leading to remote code execution.

Description

PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Crackers_Child · textremotehardware
https://www.exploit-db.com/exploits/5150

This exploit targets a remote file include vulnerability in Thecus N5200Pro NAS Server Control Panel via the 'name' parameter in usrgetform.html. The vulnerability allows an attacker to include arbitrary files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Thecus N5200Pro NAS Server Control Panel
No auth needed
Prerequisites: Network access to the target server · The target server must be running the vulnerable Thecus N5200Pro NAS Server Control Panel
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29013
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5150
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27865

Scores

EPSS 0.0181
EPSS Percentile 75.8%

Details

CWE
CWE-94
Status published
Products (1)
thecus/n5200pro_nas_server_control_panel
Published Feb 19, 2008
Tracked Since Feb 18, 2026