Critical severity9.8NVD Advisory· Published Aug 4, 2018· Updated Jun 17, 2026
CVE-2018-14417
CVE-2018-14417
Description
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <4.0.3
Patches
Vulnerability mechanics
References
5- seclists.org/fulldisclosure/2018/Jul/85nvdExploitMailing ListThird Party Advisory
- www.coresecurity.com/advisories/softnas-cloud-os-command-injectionnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/45097/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/104914nvdThird Party AdvisoryVDB Entry
- docs.softnas.com/display/SD/Release+NotesnvdVendor Advisory
News mentions
0No linked articles in our index yet.