SoftNAS Cloud OS Command Injection Exploit

SoftNAS Cloud is a software-defined NAS filer delivered as a virtual storage appliance that runs within public, private or hybrid clouds. SoftNAS Cloud provides enterprise-grade NAS capabilities, including encryption, snapshots, rapid rollbacks, and cross-zone high-availability with automatic failover. A command injection vulnerability was found in the web administration console. In particular, snserv script did not sanitize some input parameters before executing a system command.
Platform: 
Vulnerabilty ID: 
CVE-2018-14417
Released Date: 
Tuesday, August 14, 2018 - 19:00