Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15132 | 1 Zspace | 2 Z4pro\+, Z4pro\+ Firmware | 2026-01-07 | 6.3 Medium |
| A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-15131 | 1 Zspace | 2 Z4pro\+, Z4pro\+ Firmware | 2026-01-07 | 6.3 Medium |
| A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-15133 | 1 Zspace | 2 Z4pro\+, Z4pro\+ Firmware | 2026-01-07 | 6.3 Medium |
| A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-14108 | 1 Zspace | 2 Q2c Nas, Q2c Nas Firmware | 2025-12-16 | 8.8 High |
| A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released. | ||||
| CVE-2025-14107 | 1 Zspace | 2 Q2c Nas, Q2c Nas Firmware | 2025-12-16 | 8.8 High |
| A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released. | ||||
| CVE-2025-14106 | 1 Zspace | 2 Q2c Nas, Q2c Nas Firmware | 2025-12-16 | 8.8 High |
| A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released. | ||||
Page 1 of 1.