59 matches found
CVE-2025-14108
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...
CVE-2025-14107
A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...
CVE-2025-14106
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
CVE-2025-14106
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
CVE-2025-14108 ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...
CVE-2025-14108 ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...
CVE-2025-14108
ZSPACE Q2C NAS 1.1.0210050) or apply vendor-provided fixes; restricting access to the affected API endpoint is a suggested workaround where feasible. If implementing, verify affected versions and monitor for vendor advisories.
CVE-2025-14107 ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection
A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...
CVE-2025-14107
ZSPACE Q2C NAS is affected by CVE-2025-14107 through the zfilev2_api.SafeStatus function in /v2/file/safe/status. The vulnerability arises from manipulating the safe_dir argument in the HTTP POST Request Handler, enabling command injection with remote access. Public exploits exist, and vendors ha...
CVE-2025-14107 ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection
A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...
CVE-2025-14106 ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
CVE-2025-14106
Vulnerability summary: CVE-2025-14106 affects ZSPACE Q2C NAS up to 1.1.0210050. The issue is in the HTTP POST Request Handler, under the function zfilev2_api.CloseSafe in file /v2/file/safe/close. By manipulating the safe_dir argument, an attacker can perform a remote command injection. Exploit c...
CVE-2025-14106 ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
ZSPACE Q2C 命令注入漏洞
ZSPACE Q2C is a private cloud storage device from China's Extreme Space ZSPACE. A command injection vulnerability exists in ZSPACE Q2C NAS 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/status, which could lead to a...
PT-2025-49317
Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions through 1.1.0210050 Description A security flaw exists in ZSPACE Q2C NAS that allows for remote command injection. The issue is located within the zfilev2 api.SafeStatus function of the HTTP POST Request Handler...
ZSPACE Q2C 命令注入漏洞
ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/close, which could lead to a command...
PT-2025-49318
Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A weakness exists in ZSPACE Q2C NAS that allows for remote command injection. The issue is related to the zfilev2 api.OpenSafe function within the HTTP POST Request Handler component,...
ZSPACE Q2C 命令注入漏洞
ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/open, which could lead to a command...
PT-2025-49316
Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A command injection issue exists in ZSPACE Q2C NAS. The issue is related to the manipulation of the safe dir argument within the zfilev2 api.CloseSafe function, located in the...