Lucene search
K

59 matches found

NVD
NVD
added 2025/12/05 10:15 p.m.5 views

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

9CVSS0.09394EPSS
Exploits1References4
NVD
NVD
added 2025/12/05 10:15 p.m.4 views

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...

9CVSS0.10962EPSS
Exploits1References4
OSV
OSV
added 2025/12/05 10:15 p.m.4 views

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

8.7CVSS5.7AI score0.10859EPSS
Exploits1References4
NVD
NVD
added 2025/12/05 10:15 p.m.5 views

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

9CVSS0.10859EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/05 10:2 p.m.21 views

CVE-2025-14108 ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

9CVSS0.09394EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/05 10:2 p.m.2 views

CVE-2025-14108 ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

9CVSS8.5AI score0.09394EPSS
Exploits1References4
CVE
CVE
added 2025/12/05 10:2 p.m.12 views

CVE-2025-14108

ZSPACE Q2C NAS 1.1.0210050) or apply vendor-provided fixes; restricting access to the affected API endpoint is a suggested workaround where feasible. If implementing, verify affected versions and monitor for vendor advisories.

9CVSS8.5AI score0.09394EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/05 9:32 p.m.3 views

CVE-2025-14107 ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...

9CVSS8.4AI score0.10962EPSS
Exploits1References4
CVE
CVE
added 2025/12/05 9:32 p.m.15 views

CVE-2025-14107

ZSPACE Q2C NAS is affected by CVE-2025-14107 through the zfilev2_api.SafeStatus function in /v2/file/safe/status. The vulnerability arises from manipulating the safe_dir argument in the HTTP POST Request Handler, enabling command injection with remote access. Public exploits exist, and vendors ha...

9CVSS8.4AI score0.10962EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/05 9:32 p.m.65 views

CVE-2025-14107 ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...

9CVSS0.10962EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/05 9:32 p.m.3 views

CVE-2025-14106 ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

9CVSS8.5AI score0.10859EPSS
Exploits1References4
CVE
CVE
added 2025/12/05 9:32 p.m.18 views

CVE-2025-14106

Vulnerability summary: CVE-2025-14106 affects ZSPACE Q2C NAS up to 1.1.0210050. The issue is in the HTTP POST Request Handler, under the function zfilev2_api.CloseSafe in file /v2/file/safe/close. By manipulating the safe_dir argument, an attacker can perform a remote command injection. Exploit c...

9CVSS8.5AI score0.10859EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/05 9:32 p.m.64 views

CVE-2025-14106 ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

9CVSS0.10859EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.3 views

ZSPACE Q2C 命令注入漏洞

ZSPACE Q2C is a private cloud storage device from China's Extreme Space ZSPACE. A command injection vulnerability exists in ZSPACE Q2C NAS 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/status, which could lead to a...

9CVSS8.8AI score0.10962EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49317

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions through 1.1.0210050 Description A security flaw exists in ZSPACE Q2C NAS that allows for remote command injection. The issue is located within the zfilev2 api.SafeStatus function of the HTTP POST Request Handler...

9CVSS8.7AI score0.10962EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

ZSPACE Q2C 命令注入漏洞

ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/close, which could lead to a command...

9CVSS8.8AI score0.10859EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49318

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A weakness exists in ZSPACE Q2C NAS that allows for remote command injection. The issue is related to the zfilev2 api.OpenSafe function within the HTTP POST Request Handler component,...

9CVSS8.7AI score0.09394EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.3 views

ZSPACE Q2C 命令注入漏洞

ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/open, which could lead to a command...

9CVSS8.8AI score0.09394EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.6 views

PT-2025-49316

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A command injection issue exists in ZSPACE Q2C NAS. The issue is related to the manipulation of the safe dir argument within the zfilev2 api.CloseSafe function, located in the...

9CVSS8.9AI score0.10859EPSS
Exploits1References11
Rows per page
Query Builder