Lucene search

[email protected]CVE-2021-45842

HistoryApr 25, 2022 - 11:15 a.m.

CVE-2021-45842

2022-04-2511:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

information security

terramaster f4-210

terramaster f2-210

tos 4.2.x

cve-2021-45842

vulnerability

api endpoint

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.6%

JSON

It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint.

CPENameOperatorVersion
terra-master:tosterra-master toseq4.2.15-2107141517

CPE	Name	Operator	Version
terra-master:tos	terra-master tos	eq	4.2.15-2107141517

References

thatsn0tmy.site/posts/2021/12/how-to-summon-rces/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2021-45842

cvelist1 prion1 openvas1