# Thecus NAS Post Auth Command Injection

Thecus N4800Eco NAS server control panel suffers from a command injection vulnerability.

FOFA **query rule**: [Elecom-Thecus-NAS](https://fofa.so/result?qbase64=YXBwPSJFbGVjb20tVGhlY3VzLU5BUyI%3D)

# Demo

![Thecus_NAS_Post_Auth_Command_Injection](Thecus_NAS_Post_Auth_Command_Injection.gif)