High severity8.8NVD Advisory· Published Jan 16, 2026· Updated Apr 15, 2026

CVE-2021-47816

Description

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.thecus.comnvd
www.thecus.com/product.phpnvd
docs.unsafe-inline.com/0day/thecus-n4800eco-nas-server-control-panel-comand-injectionnvd
www.exploit-db.com/exploits/49926nvd
www.vulncheck.com/advisories/thecus-neco-nas-server-control-panel-command-injectionnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000