6 matches found
CVE-2025-15133
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...
CVE-2025-15133
ZSPACE Z4Pro+ 1.0.0440024 contains a vulnerability in the HTTP POST Request Handler, specifically the zfilev2_api_CloseSafe function in /v2/file/safe/close. The issue allows remote command injection and is facilitated by manipulation of this function. Several sources confirm the exploit is public...
CVE-2025-14106
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
CVE-2025-14106
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
CVE-2025-14106 ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...
PT-2025-49316
Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A command injection issue exists in ZSPACE Q2C NAS. The issue is related to the manipulation of the safe dir argument within the zfilev2 api.CloseSafe function, located in the...