CVE-2021-47816
Published: 16 January 2026
Summary
CVE-2021-47816 is a medium-severity OS Command Injection (CWE-78) vulnerability in Thecus N4800Eco NAS (inferred from references). Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-47816 is a command injection vulnerability (CWE-78) in the Thecus N4800Eco NAS Server Control Panel. It affects user management endpoints, where attackers can inject commands via username and batch user creation parameters, enabling execution of arbitrary shell commands with administrative privileges. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Authenticated attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows execution of arbitrary system commands as an administrator, potentially leading to full control over the NAS device, including data exfiltration, modification, or deletion, as well as disruption of services.
Advisories and references, including those from VulnCheck and Exploit-DB, document the issue with a proof-of-concept exploit available at https://www.exploit-db.com/exploits/49926. Vendor pages at http://www.thecus.com/ and http://www.thecus.com/product.php?PROD_ID=83 provide product details, while https://docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injection and https://www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injection offer further technical analysis; no specific patch details are outlined in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2902
Vulnerability details
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in a network-accessible NAS control panel directly enables remote exploitation of a public-facing application (T1190), execution of Unix shell commands (T1059.004), and privilege escalation from a low-privileged account to administrator (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents the command injection vulnerability by requiring validation of untrusted inputs such as the username and batch user creation parameters in the NAS control panel.
- SI-2 (Flaw Remediation): Ensures timely identification, reporting, and correction of the specific command injection flaw in the Thecus N4800Eco control panel.
- Least privilege: Limits the damage from injected administrative shell commands by enforcing least privilege on control panel processes and users.
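The SI-10 control above is easiest to reason about with a concrete user-management handler. The following is an added illustration, not code from Thecus or from any advisory referenced on this page: a hypothetical Python account-creation routine (the real control panel is not written this way) showing the CWE-78 pattern of pasting a username into a shell command line next to a hardened version that allowlists the name, validates every entry of a batch before acting, and hands the argument vector to the process with no shell in between. The `useradd` tool name and the batch format (comma- or newline-separated) are assumptions for the example.

```python
import re
import subprocess
from typing import Callable, List, Optional

# Allowlist for POSIX-style account names: first character a lowercase letter or
# underscore, then lowercase letters, digits, underscores or hyphens, 32 chars max.
# Shell metacharacters (; | & ` $ ( ) < > newline ...) cannot match this pattern.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def is_valid_username(name: str) -> bool:
    """Return True only if the whole string matches the strict allowlist."""
    return USERNAME_RE.fullmatch(name) is not None


def build_command_unsafe(username: str) -> str:
    """The CWE-78 pattern: untrusted input concatenated into a shell command line.
    Returned as a string purely for illustration; it is never executed here."""
    return f"useradd {username}"


def build_command_safe(username: str) -> List[str]:
    """Hardened form: validate first, then build an argv list that is passed to
    the process directly (shell=False), so the name is only ever one argument."""
    if not is_valid_username(username):
        raise ValueError(f"rejected username: {username!r}")
    return ["useradd", username]


def parse_batch(raw: str) -> List[str]:
    """Parse a batch-creation parameter (comma- or newline-separated, assumed format)
    and validate every entry up front, rejecting the whole batch on the first bad
    name so that no account is created from a partially hostile request."""
    names = [n.strip() for n in re.split(r"[,\n]", raw) if n.strip()]
    bad = [n for n in names if not is_valid_username(n)]
    if bad:
        raise ValueError(f"batch rejected, invalid entries: {bad!r}")
    return names


def create_users(raw_batch: str,
                 run: Optional[Callable[[List[str]], object]] = None) -> int:
    """Validate the batch, then invoke the account tool once per user without a
    shell. `run` is injectable so the logic can be exercised without root."""
    if run is None:
        run = lambda argv: subprocess.run(argv, check=True)  # shell=False by default
    names = parse_batch(raw_batch)
    for name in names:
        run(build_command_safe(name))
    return len(names)


if __name__ == "__main__":
    hostile = "bob; id"  # constructed hostile input, not from the advisory
    print("unsafe command line:", build_command_unsafe(hostile))  # a shell would run both
    print("passes allowlist?", is_valid_username(hostile))         # False
    print("created:", create_users("alice,bob", run=lambda argv: print("would exec", argv)))
```

The allowlist is deliberately a positive pattern rather than a blocklist of metacharacters: a blocklist has to enumerate every shell-significant byte for every shell the appliance might use, while the allowlist only has to describe what a legitimate account name looks like. Passing an argv list with `shell=False` is the second, independent layer; even if a name slipped past validation it would reach `useradd` as a single argument rather than being parsed by a shell.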