I just discovered another vulnerability that exists for at least the N5200, N7700, N8800 and 1U4500 series for all known FW releases.

Thecus eSupport ID: PXZ-753692

Because of insufficient parameter checking and shell arguments passed unescaped arbitary shell commands can be executed by an attacker (such as halting or rebooting the system or resetting the RAID or system configuration).

Until Thecus provides a fix for this issue, access from untrusted networks (such as the internet) should be disabled.

Exploits are available and no authentication is required.

/Falk