CVE-2021-34111
CRITICALThecus N4800Eco Firmware - OS Command Injection via Username Parameter
Title source: llmDescription
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection
Scores
CVSS v3
9.8
EPSS
0.0255
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
thecus/n4800eco_firmware
Published
May 20, 2022
Tracked Since
Feb 18, 2026