David Stubley

**Name of the Vulnerable Software and Affected Versions** Thecus NAS server N8800 version 5.03.01 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved through a get userid action that contains shell metacharacters in the `username` parameter. **Recommendations** For Thecus NAS server N8800 version 5.03.01, avoid using the `username` parameter in the get userid action until the issue is resolved. As a temporary workaround, consider restricting access to the get userid action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thecus NAS server N8800 version 5.03.01 **Description** The issue allows remote attackers to discover the administrator credentials by reading the cleartext content of the ADS/NT Support page. **Recommendations** For version 5.03.01, consider restricting access to the ADS/NT Support page until a patch is available to prevent unauthorized disclosure of administrator credentials.

**Name of the Vulnerable Software and Affected Versions** Thecus NAS server N8800 version 5.03.01 **Description** The issue concerns the use of cleartext credentials for administrative authentication. This allows remote attackers to obtain sensitive information by sniffing the network. **Recommendations** For Thecus NAS server N8800 version 5.03.01, consider updating the firmware to a version that uses encrypted credentials for administrative authentication. As a temporary workaround, restrict access to the administrative interface to minimize the risk of exploitation.