top of page
perceptive_background_267k.jpg

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands thr…

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 20:08:27

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Database & Storage

CVE-2021-47816 is a command injection vulnerability in Thecus N4800Eco NAS Server Control Panel that allows authenticated attackers to execute arbitrary system commands through user management endpoints. The vulnerability can be exploited by injecting commands via username and batch user creation parameters. Successful exploitation grants attackers the ability to execute shell commands with administrative privileges. This affects the Thecus N4800Eco Network Attached Storage device's web-based control panel. The vulnerability requires authentication but provides significant privilege escalation capabilities once exploited.

Technical details

Mitigation steps:

Affected products:

Thecus N4800Eco NAS Server

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47816
http://www.thecus.com/
http://www.thecus.com/product.php?PROD_ID=83
https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection
https://www.exploit-db.com/exploits/49926
https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page