4 matches found
CVE-2025-15133
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...
CVE-2025-15133 ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_CloseSafe command injection
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...
CVE-2025-15132
Summary: CVE-2025-15132 affects ZSPACE Z4Pro+ 1.0.0440024. The vulnerable component is the HTTP POST Request Handler, specifically the function zfilev2_api_open in the file path /v2/file/safe/open. This manipulation enables command injection and can be triggered remotely. Public disclosure of the...
ZSPACE Z4Pro+ 命令注入漏洞
ZSPACE Z4Pro+ is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Z4Pro+ version 1.0.0440024, which originates from a misbehavior of the function zfilev2apiopen in the file /v2/file/safe/open, which could lead to command injecti...