Vulnerabilities related to terra-master - f2-210
Vulnerability from fkie_nvd
Published
2023-02-07 18:15
Modified
2025-02-03 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
References
Impacted products
{ "cisaActionDue": "2023-03-03", "cisaExploitAdd": "2023-02-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "TerraMaster OS Remote Command Execution Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:terramaster_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0AE9591-B8DA-4A95-9734-1A58B95BB227", "versionEndExcluding": "4.2.31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-221:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAEF4467-F859-45E8-8171-54350D7D53BB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-223:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB1C4291-64C7-4DCB-87A7-EE6A40146406", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-422:-:*:*:*:*:*:*:*", "matchCriteriaId": "B42338B7-B6C2-49ED-AF3B-6815317884FD", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EF611C-748C-4CB0-902B-1966B6C6A7AA", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-421:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EDED618-8CF9-41C0-942F-9F5D002BE03E", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-422:-:*:*:*:*:*:*:*", "matchCriteriaId": "402856F7-D66E-4C49-9F32-384AE7A05C7A", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "54A2F40A-F7B2-4B90-90A5-130533778329", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f5-221:-:*:*:*:*:*:*:*", "matchCriteriaId": "D062C23E-2584-41EE-B1CC-BDC95E59B914", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f5-422:-:*:*:*:*:*:*:*", "matchCriteriaId": "1681757B-8E75-4B6A-838B-552B0BDC5EFE", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:terra-master:t12-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A349FBD-BC5E-4024-AD39-328B32F60926", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t12-450:-:*:*:*:*:*:*:*", "matchCriteriaId": "55C15FCA-8926-42B7-9281-9F1EF7DC87DB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t6-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "E71B3D05-9532-4B1E-B396-E9FFB3A18293", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t9-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A27209E-7A2A-45BA-AF03-4B7EEBD8F1D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t9-450:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FFE2A59-4247-463E-B5C5-056C340F96E3", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u12-322-9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFC50AFC-D452-44C6-ABF9-8E38031F63BB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u12-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEF38923-3F6B-4115-9574-42A5916E4A86", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u12-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1070B1-DACC-4A1F-BC42-F7915CF61E53", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u16-322-9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "40A6B355-0AD1-4591-81D5-CDB020340D5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u16-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "49C9AB29-58C3-4005-86B4-A31CE157DD8D", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u24-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "540EC60C-3285-4BFD-A617-14646988D361", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u4-111:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0E959DF-601B-4561-BC18-753A0C5FB13C", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u4-211:-:*:*:*:*:*:*:*", "matchCriteriaId": "18A93A74-C8B7-4146-A3FF-8B3678FBD5B5", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u4-423:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"9220B428-CAF9-4EC1-92FB-FA81592D191C", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-111:-:*:*:*:*:*:*:*", "matchCriteriaId": "5125FD8D-9EC9-4B5C-9CB3-E3ADE59A7CB1", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-322-9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8982E486-A1D5-411D-85D1-20E5A3DB8192", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "3491C51B-83EB-4D50-9B41-7E1F2B7A63AB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-522-9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "47377993-E503-44F4-92C6-4B57A3E280B2", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "39231C4D-8F9E-4A21-A5D9-F5DED81A6E00", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending \"User-Agent: TNAS\" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response." 
} ], "id": "CVE-2022-24990", "lastModified": "2025-02-03T15:15:13.737", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-02-07T18:15:09.100", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes" ], "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Release Notes" ], "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-25 11:15
Modified
2024-11-21 06:33
Severity ?
Summary
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | tos | 4.2.15-2107141517 | |
terra-master | f2-210 | - | |
terra-master | f4-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A84F8-F5E3-4600-A6CA-743445E589EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "0989872F-8F30-4F71-8D9F-BBD86D613296", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app." }, { "lang": "es", "value": "Un atacante autenticado puede ejecutar comandos arbitrarios como root en Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) inyectando una entrada maliciosamente dise\u00f1ada en la petici\u00f3n mediante /tos/index.php?app/hand_app" } ], "id": "CVE-2021-45836", "lastModified": "2024-11-21T06:33:07.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-25T11:15:07.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-03 18:15
Modified
2024-11-21 06:03
Severity ?
Summary
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://kn100.me/terramaster-nas-exposing-itself-over-upnp/ | Exploit, Third Party Advisory | |
cve@mitre.org | https://news.ycombinator.com/item?id=26681984 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kn100.me/terramaster-nas-exposing-itself-over-upnp/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=26681984 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | f2-210_firmware | * | |
terra-master | f2-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:f2-210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D091A66-FAF4-4DBC-8F6A-A063ECE59755", "versionEndIncluding": "2021-04-03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the \"It is only available on the local network\" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround." }, { "lang": "es", "value": "Los dispositivos TerraMaster F2-210 hasta el 03-04-2021 utilizan UPnP para que el servidor web de administraci\u00f3n sea accesible a trav\u00e9s de Internet en el puerto TCP 8181, lo que podr\u00eda ser incoherente con la documentaci\u00f3n \"S\u00f3lo est\u00e1 disponible en la red local\". 
NOTA: editar manualmente /etc/upnp.json proporciona una soluci\u00f3n parcial pero no documentada" } ], "id": "CVE-2021-30127", "lastModified": "2024-11-21T06:03:21.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-03T18:15:11.983", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://kn100.me/terramaster-nas-exposing-itself-over-upnp/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://news.ycombinator.com/item?id=26681984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://kn100.me/terramaster-nas-exposing-itself-over-upnp/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://news.ycombinator.com/item?id=26681984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-25 11:15
Modified
2024-11-21 06:33
Severity ?
Summary
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | tos | 4.2.15-2107141517 | |
terra-master | f2-210 | - | |
terra-master | f4-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A84F8-F5E3-4600-A6CA-743445E589EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "0989872F-8F30-4F71-8D9F-BBD86D613296", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible to obtain the first administrator\u0027s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint." }, { "lang": "es", "value": "Es posible obtener el primer hash de administrador configurado en Terramaster F4-210, F2-210 TOS versiones 4.2.X (4.2.15-2107141517) en el sistema, as\u00ed como otra informaci\u00f3n como la direcci\u00f3n MAC, la direcci\u00f3n IP interna, etc., llevando a cabo una petici\u00f3n al endpoint /module/api.php?mobile/wapNasIPS" } ], "id": "CVE-2021-45842", "lastModified": "2024-11-21T06:33:08.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { 
"cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-25T11:15:07.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-25 11:15
Modified
2024-11-21 06:33
Severity ?
Summary
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | tos | 4.2.15-2107141517 | |
terra-master | f2-210 | - | |
terra-master | f4-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A84F8-F5E3-4600-A6CA-743445E589EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "0989872F-8F30-4F71-8D9F-BBD86D613296", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del." }, { "lang": "es", "value": "Es posible ejecutar comandos arbitrarios como root en Terramaster F4-210, F2-210 TOS versiones 4.2.X (4.2.15-2107141517) mediante el env\u00edo de una entrada espec\u00edficamente dise\u00f1ada a /tos/index.php?app/del" } ], "id": "CVE-2021-45837", "lastModified": "2024-11-21T06:33:07.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-25T11:15:07.103", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-20 18:15
Modified
2024-11-21 06:51
Severity ?
Summary
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:terramaster_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0AE9591-B8DA-4A95-9734-1A58B95BB227", "versionEndExcluding": "4.2.31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-221:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAEF4467-F859-45E8-8171-54350D7D53BB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-223:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB1C4291-64C7-4DCB-87A7-EE6A40146406", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-422:-:*:*:*:*:*:*:*", "matchCriteriaId": "B42338B7-B6C2-49ED-AF3B-6815317884FD", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f2-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EF611C-748C-4CB0-902B-1966B6C6A7AA", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-421:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EDED618-8CF9-41C0-942F-9F5D002BE03E", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-422:-:*:*:*:*:*:*:*", "matchCriteriaId": "402856F7-D66E-4C49-9F32-384AE7A05C7A", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "54A2F40A-F7B2-4B90-90A5-130533778329", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f5-221:-:*:*:*:*:*:*:*", "matchCriteriaId": "D062C23E-2584-41EE-B1CC-BDC95E59B914", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f5-422:-:*:*:*:*:*:*:*", "matchCriteriaId": "1681757B-8E75-4B6A-838B-552B0BDC5EFE", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t12-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A349FBD-BC5E-4024-AD39-328B32F60926", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t12-450:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"55C15FCA-8926-42B7-9281-9F1EF7DC87DB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t6-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "E71B3D05-9532-4B1E-B396-E9FFB3A18293", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t9-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A27209E-7A2A-45BA-AF03-4B7EEBD8F1D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:t9-450:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FFE2A59-4247-463E-B5C5-056C340F96E3", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u12-322-9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFC50AFC-D452-44C6-ABF9-8E38031F63BB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u12-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEF38923-3F6B-4115-9574-42A5916E4A86", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u12-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1070B1-DACC-4A1F-BC42-F7915CF61E53", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u16-322-9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "40A6B355-0AD1-4591-81D5-CDB020340D5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u16-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "49C9AB29-58C3-4005-86B4-A31CE157DD8D", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u24-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "540EC60C-3285-4BFD-A617-14646988D361", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u4-111:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0E959DF-601B-4561-BC18-753A0C5FB13C", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u4-211:-:*:*:*:*:*:*:*", "matchCriteriaId": "18A93A74-C8B7-4146-A3FF-8B3678FBD5B5", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u4-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "9220B428-CAF9-4EC1-92FB-FA81592D191C", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-111:-:*:*:*:*:*:*:*", "matchCriteriaId": "5125FD8D-9EC9-4B5C-9CB3-E3ADE59A7CB1", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:terra-master:u8-322-9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8982E486-A1D5-411D-85D1-20E5A3DB8192", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-423:-:*:*:*:*:*:*:*", "matchCriteriaId": "3491C51B-83EB-4D50-9B41-7E1F2B7A63AB", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-522-9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "47377993-E503-44F4-92C6-4B57A3E280B2", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:u8-722-2224:-:*:*:*:*:*:*:*", "matchCriteriaId": "39231C4D-8F9E-4A21-A5D9-F5DED81A6E00", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used." 
} ], "id": "CVE-2022-24989", "lastModified": "2024-11-21T06:51:31.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-20T18:15:09.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/172904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/172904" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-28 14:15
Modified
2024-11-21 04:32
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered on TerraMaster FS-210 4.0.19 devices (the impacted-products list below names the product as F2-210 with firmware 4.0.19). Normal users can use 1.user.php for privilege elevation.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/gusrmsdlrh/CVE-2019-18195 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gusrmsdlrh/CVE-2019-18195 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | f2-210_firmware | 4.0.19 | |
terra-master | f2-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:f2-210_firmware:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "23A7E43A-2BB3-482D-9899-7225F7D95D45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos TerraMaster FS-210 versi\u00f3n 4.0.19. Los usuarios normales pueden utilizar el archivo 1.user.php para la elevaci\u00f3n de privilegios." } ], "id": "CVE-2019-18195", "lastModified": "2024-11-21T04:32:48.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" 
} ] }, "published": "2019-10-28T14:15:10.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/gusrmsdlrh/CVE-2019-18195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/gusrmsdlrh/CVE-2019-18195" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-25 11:15
Modified
2024-11-21 06:33
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | tos | 4.2.15-2107141517 | |
terra-master | f2-210 | - | |
terra-master | f4-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A84F8-F5E3-4600-A6CA-743445E589EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "0989872F-8F30-4F71-8D9F-BBD86D613296", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible to obtain the first administrator\u0027s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint." }, { "lang": "es", "value": "Es posible obtener el primer hash de administrador establecido en el sistema en Terramaster F4-210, F2-210 TOS versiones 4.2.X (4.2.15-2107141517) as\u00ed como otra informaci\u00f3n como la direcci\u00f3n MAC, la direcci\u00f3n IP interna, etc. 
llevando a cabo una petici\u00f3n al endpoint /module/api.php?mobile/webNasIPS" } ], "id": "CVE-2021-45839", "lastModified": "2024-11-21T06:33:07.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-25T11:15:07.147", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-25 11:15
Modified
2024-11-21 06:33
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specially crafted input to /tos/index.php?app/app_start_stop.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | tos | 4.2.15-2107141517 | |
terra-master | f2-210 | - | |
terra-master | f4-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A84F8-F5E3-4600-A6CA-743445E589EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "0989872F-8F30-4F71-8D9F-BBD86D613296", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop." }, { "lang": "es", "value": "Es posible ejecutar comandos arbitrarios como root en Terramaster F4-210, F2-210 TOS versiones 4.2.X (4.2.15-2107141517) mediante el env\u00edo de una entrada espec\u00edficamente dise\u00f1ada a /tos/index.php?app/app_start_stop" } ], "id": "CVE-2021-45840", "lastModified": "2024-11-21T06:33:07.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": 
"HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-25T11:15:07.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-25 11:15
Modified
2024-11-21 06:33
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash, allowing an unauthenticated attacker to log in as guest.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
terra-master | tos | 4.2.15-2107141517 | |
terra-master | f2-210 | - | |
terra-master | f4-210 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*", "matchCriteriaId": "2E5A84F8-F5E3-4600-A6CA-743445E589EF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "A084599C-E4D9-4EC5-8103-68CDBB3604CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*", "matchCriteriaId": "0989872F-8F30-4F71-8D9F-BBD86D613296", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target\u0027s MAC address and the user\u0027s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest." }, { "lang": "es", "value": "En Terramaster F4-210, F2-210 TOS versiones 4.2.X (4.2.15-2107141517), un atacante puede autofirmar las cookies de sesi\u00f3n conociendo la direcci\u00f3n MAC del objetivo y el hash de la contrase\u00f1a del usuario. 
Los usuarios invitados (deshabilitados por defecto) pueden ser abusados usando un hash nulo/vac\u00edo y permitir a un atacante no autenticado iniciar sesi\u00f3n como invitado" } ], "id": "CVE-2021-45841", "lastModified": "2024-11-21T06:33:08.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-25T11:15:07.237", "references": [ { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" }, { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2021-30127
Vulnerability from cvelistv5
Published
2021-04-03 17:08
Modified
2024-08-03 22:24
Summary
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround.
References
▼ | URL | Tags |
---|---|---|
https://kn100.me/terramaster-nas-exposing-itself-over-upnp/ | x_refsource_MISC | |
https://news.ycombinator.com/item?id=26681984 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:24:59.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kn100.me/terramaster-nas-exposing-itself-over-upnp/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://news.ycombinator.com/item?id=26681984" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the \"It is only available on the local network\" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-03T17:08:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://kn100.me/terramaster-nas-exposing-itself-over-upnp/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://news.ycombinator.com/item?id=26681984" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-30127", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably 
inconsistent with the \"It is only available on the local network\" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://kn100.me/terramaster-nas-exposing-itself-over-upnp/", "refsource": "MISC", "url": "https://kn100.me/terramaster-nas-exposing-itself-over-upnp/" }, { "name": "https://news.ycombinator.com/item?id=26681984", "refsource": "MISC", "url": "https://news.ycombinator.com/item?id=26681984" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-30127", "datePublished": "2021-04-03T17:08:16", "dateReserved": "2021-04-03T00:00:00", "dateUpdated": "2024-08-03T22:24:59.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45842
Vulnerability from cvelistv5
Published
2022-04-25 10:21
Modified
2024-08-04 04:54
Summary
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), as well as other information such as MAC address, internal IP address etc., by performing a request to the /module/api.php?mobile/wapNasIPS endpoint.
References
▼ | URL | Tags |
---|---|---|
https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:30.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible to obtain the first administrator\u0027s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-25T10:21:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It is possible to obtain the first administrator\u0027s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/", "refsource": "MISC", "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45842", "datePublished": "2022-04-25T10:21:12", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-04T04:54:30.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24989
Vulnerability from cvelistv5
Published
2023-08-20 00:00
Modified
2024-10-08 14:30
Summary
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:29:01.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "tags": [ "x_transferred" ], "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "tags": [ "x_transferred" ], "url": "https://packetstormsecurity.com/files/172904" }, { "tags": [ "x_transferred" ], "url": "https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990" }, { "tags": [ "x_transferred" ], "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:terra-master:terramaster_operating_system:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "terramaster_operating_system", "vendor": "terra-master", "versions": [ { "lessThanOrEqual": "4.2.30", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-24989", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T14:28:56.844478Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T14:30:47.504Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. 
(Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-20T17:31:53.011294", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "url": "https://packetstormsecurity.com/files/172904" }, { "url": "https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990" }, { "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24989", "datePublished": "2023-08-20T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-10-08T14:30:47.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18195
Vulnerability from cvelistv5
Published
2019-10-28 13:55
Modified
2024-08-05 01:47
Summary
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
References
▼ | URL | Tags |
---|---|---|
https://github.com/gusrmsdlrh/CVE-2019-18195 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:47:13.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/gusrmsdlrh/CVE-2019-18195" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-28T13:55:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/gusrmsdlrh/CVE-2019-18195" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/gusrmsdlrh/CVE-2019-18195", "refsource": "MISC", "url": "https://github.com/gusrmsdlrh/CVE-2019-18195" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18195", "datePublished": "2019-10-28T13:55:04", "dateReserved": "2019-10-18T00:00:00", "dateUpdated": "2024-08-05T01:47:13.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45839
Vulnerability from cvelistv5
Published
2022-04-25 00:00
Modified
2024-08-04 04:54
Summary
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:31.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible to obtain the first administrator\u0027s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45839", "datePublished": "2022-04-25T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-04T04:54:31.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45840
Vulnerability from cvelistv5
Published
2022-04-25 10:25
Modified
2024-08-04 04:54
Summary
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specially crafted input to /tos/index.php?app/app_start_stop.
References
▼ | URL | Tags |
---|---|---|
https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:30.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-25T10:25:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/", "refsource": "MISC", "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45840", "datePublished": "2022-04-25T10:25:41", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-04T04:54:30.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45841
Vulnerability from cvelistv5
Published
2022-04-25 00:00
Modified
2024-08-04 04:54
Severity ?
EPSS score ?
Summary
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash, allowing an unauthenticated attacker to log in as guest.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:30.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target\u0027s MAC address and the user\u0027s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45841", "datePublished": "2022-04-25T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-04T04:54:30.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45836
Vulnerability from cvelistv5
Published
2022-04-25 10:41
Modified
2024-08-04 04:54
Severity ?
EPSS score ?
Summary
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
References
| URL | Tags |
|---|---|
| https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:29.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-25T10:41:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45836", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/", "refsource": "MISC", "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45836", "datePublished": "2022-04-25T10:41:38", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-04T04:54:29.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24990
Vulnerability from cvelistv5
Published
2023-02-07 00:00
Modified
2025-02-03 14:29
Severity ?
EPSS score ?
Summary
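TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. The record below classifies this as CWE-306 (Missing Authentication for Critical Function), and its CISA ADP data lists the CVE in the Known Exploited Vulnerabilities catalog (added 2023-02-10) with SSVC exploitation "active" and technical impact "total". The titles of two of the references refer to unauthenticated remote command/code execution, so the practical impact may be wider than the confidentiality-only CVSS 7.5 score suggests.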
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:29:01.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "tags": [ "x_transferred" ], "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732" }, { "tags": [ "x_transferred" ], "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "tags": [ "x_transferred" ], "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-24990", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-12-22T05:01:00.715241Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-02-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24990" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-03T14:29:35.835Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": 
"CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending \"User-Agent: TNAS\" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T00:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://forum.terra-master.com/en/viewforum.php?f=28" }, { "url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732" }, { "url": "https://github.com/0xf4n9x/CVE-2022-24990" }, { "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/" }, { "url": "http://packetstormsecurity.com/files/172904/TerraMaster-TOS-4.2.29-Remote-Code-Execution.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24990", "datePublished": "2023-02-07T00:00:00.000Z", "dateReserved": "2022-02-14T00:00:00.000Z", "dateUpdated": "2025-02-03T14:29:35.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45837
Vulnerability from cvelistv5
Published
2022-04-25 00:00
Modified
2024-08-04 04:54
Severity ?
EPSS score ?
Summary
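It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. Note that the record below gives vendor, product and version as "n/a", so the affected models and TOS version appear only in this description, and inventory matching on the structured fields will not find them.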
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:54:31.222Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/" }, { "url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45837", "datePublished": "2022-04-25T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-04T04:54:31.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }