CVE-2021-47816
Published: 16 January 2026
Summary
CVE-2021-47816 is a high-severity OS Command Injection (CWE-78) vulnerability in Thecus N4800Eco NAS (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, it is ranked at the 24.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents the command injection vulnerability by requiring validation of untrusted inputs such as the username and batch user creation parameters in the NAS control panel.
- SI-2 (Flaw Remediation): Ensures timely identification, reporting, and correction of the specific command injection flaw in the Thecus N4800Eco control panel.
- Least privilege: Limits the damage from injected administrative shell commands by enforcing least privilege on control panel processes and users.
NVD Description
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.
Deeper analysis
CVE-2021-47816 is a command injection vulnerability (CWE-78) in the Thecus N4800Eco NAS Server Control Panel. It affects user management endpoints, where attackers can inject commands via username and batch user creation parameters, enabling execution of arbitrary shell commands with administrative privileges. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Authenticated attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows execution of arbitrary system commands as an administrator, potentially leading to full control over the NAS device, including data exfiltration, modification, or deletion, as well as disruption of services.
Advisories and references, including those from VulnCheck and Exploit-DB, document the issue with a proof-of-concept exploit available at https://www.exploit-db.com/exploits/49926. Vendor pages at http://www.thecus.com/ and http://www.thecus.com/product.php?PROD_ID=83 provide product details, while https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection and https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection offer further technical analysis; no specific patch details are outlined in the provided information.
Details
- CWE(s)