VYPR

Q2C NAS

by Zspace

CVEs (4)

  • CVE-2025-69431Feb 3, 2026
    risk 0.00cvss epss 0.00

    The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the…

  • CVE-2025-14108Dec 5, 2025
    risk 0.00cvss epss 0.09

    A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is…

  • CVE-2025-14107Dec 5, 2025
    risk 0.00cvss epss 0.11

    A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in…

  • CVE-2025-14106Dec 5, 2025
    risk 0.00cvss epss 0.11

    A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is…