QwikSec

Security Database

CVE

CWE

Training

CVE-2021-47816

Published: Jan 16, 2026

Modified: Jan 16, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.

Vendor	Product	Versions
Thecus	Thecus N4800Eco Nas Server Control Panel	affected `N4800Eco`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

ExploitDB-49926

exploit

Thecus Official Vendor Homepage

product

Thecus N4800Eco Product Page

product

Researcher Blog

technical-description

exploit

VulnCheck Advisory: Thecus N4800Eco Nas Server Control Panel - Command Injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.