CVE-2018-14417

SoftNAS Cloud OS Command Injection (CVE-2018-14417) affects SoftNAS Cloud prior to 4.0.3. The vulnerability is in the web administration snserv endpoint: the check/update path does not sanitize the recentVersion parameter, allowing an unauthenticated attacker to execute arbitrary commands with ro...

CVE-2019-9945

CVE-2019-9945 affects SoftNAS Cloud 4.2.0/4.2.1. A remote attacker can gain access to the Webadmin interface and execute arbitrary commands with administrative privileges by manipulating an NGINX cookie check, potentially creating new users, if the StorageCenter ports are exposed to the internet....