Vulnerability Database

322,905

Total vulnerabilities in the database

CVE-2021-47816

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.

Published: Jan 16, 2026
Updated: Jan 17, 2026
CVE: CVE-2021-47816
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

http://www.thecus.com/
http://www.thecus.com/product.php?PROD_ID=83
https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection
https://www.exploit-db.com/exploits/49926
https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo