CNNVD-202512-635 Information

CNNVD ID

CNNVD-202512-635

Related CVE

CVE-2025-14106

• CNNVD Published: 2025-12-05

Description (Chinese)

ZSPACE Q2C是中国极空间（ZSPACE）公司的一个私有云存储设备。 ZSPACE Q2C 1.1.0210050及之前版本存在命令注入漏洞，该漏洞源于对文件/v2/file/safe/close中参数safe_dir的错误操作，可能导致命令注入攻击。

Description (English)

ZSPACE Q2C is a privately owned cloud storage facility of ZSPACE. ZSPACE Q2C 1.1.0210050 & previous versions had a command-injecting loophole, which stemmed from an error in the safe dir parameter in document/v2/file/safe/close, which could lead to an order-injection attack.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

极空间

Published

2025-12-05

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.334488 https://vuldb.com/?id.334488 https://vuldb.com/?submit.697141 https://www.notion.so/2af6cf4e528a80bab847dcc1fb677590 https://access.redhat.com/security/cve/cve-2025-14106