CVE-2025-14184

Name of the Vulnerable Software and Affected Versions SGAI Space1 NAS N1211DS versions through 1.0.915

Description A command injection issue exists in the gsaiagent component. The RENAME FILE/OPERATE FILE/NGNIX UPLOAD function within the /cgi-bin/JSONAPI file is susceptible to manipulation, leading to command injection. This attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions through 1.0.915: As a temporary workaround, consider restricting access to the /cgi-bin/JSONAPI file to minimize the risk of exploitation.