CVE-2021-47816

Thecus N4800Eco Nas Server Control Panel - Command Injection

Description

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.

INFO

Published Date :

2026-01-16T19:09:26.929Z

Last Modified :

2026-01-16T20:43:27.338Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2021-47816 vulnerability.

Vendors	Products
Thecus	N4800eco Nas Server Control Panel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-47816.

URL	Resource
http://www.thecus.com/
http://www.thecus.com/product.php?PROD_ID=83
https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection
https://www.exploit-db.com/exploits/49926
https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact