A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?ctiid.334489 | Permissions Required VDB Entry |
| https://vuldb.com/?id.334489 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.697143 | Third Party Advisory VDB Entry |
| https://www.notion.so/2af6cf4e528a8001935bcdd9e77f1ebc | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
12 Dec 2025, 12:47
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:zspace:q2c_nas_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zspace:q2c_nas:-:*:*:*:*:*:*:* |
|
| First Time |
Zspace q2c Nas
Zspace Zspace q2c Nas Firmware |
|
| References | () https://vuldb.com/?ctiid.334489 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.334489 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.697143 - Third Party Advisory, VDB Entry | |
| References | () https://www.notion.so/2af6cf4e528a8001935bcdd9e77f1ebc - Exploit, Third Party Advisory |
05 Dec 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-05 22:15
Updated : 2025-12-12 12:47
NVD link : CVE-2025-14107
Mitre link : CVE-2025-14107
CVE.ORG link : CVE-2025-14107
JSON object : View
Products Affected
zspace
- q2c_nas_firmware
- q2c_nas