CNNVD-202512-634 Information
Dec 05, 2025
cve
CNNVD ID
CNNVD-202512-634
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
ZSPACE Q2C是中国极空间(ZSPACE)公司的一个私有云存储设备。 ZSPACE Q2C NAS 1.1.0210050及之前版本存在命令注入漏洞,该漏洞源于对文件/v2/file/safe/status中参数safe_dir的错误操作,可能导致命令注入攻击。
Description (English)
ZSPACE Q2C is a privately owned cloud storage facility of ZSPACE. ZSPACE Q2C NAS 1.1.0210050 and previous versions had a command-injecting loophole, which stemmed from an error in the parameter safe dir in document/v2/file/safe/status, which could lead to an order-injecting attack.
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
极空间
Published
2025-12-05
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.334489 https://vuldb.com/?submit.697143 https://www.notion.so/2af6cf4e528a8001935bcdd9e77f1ebc https://vuldb.com/?id.334489 https://access.redhat.com/security/cve/cve-2025-14107
Share on: