Lucene search
K

7 matches found

Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.447 views

TerraMaster TOS 4.2.15 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.', 'Description...

10CVSS7.1AI score0.15914EPSS
Exploits6
0day.today
0day.today
added 2023/06/12 12:0 a.m.368 views

TerraMaster TOS 4.2.15 Remote Code Execution Exploit

This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. This module requires Metasploit: https://metasploit.com/download...

9.8CVSS7.5AI score0.15914EPSS
Exploits6
Metasploit
Metasploit
added 2023/06/09 7:50 p.m.338 views

TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.

Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. CVE-2021-45839 is exploited to obtain the first administrator's hash set up on the system as we...

10CVSS8.6AI score0.15914EPSS
Exploits6
Circl
Circl
added 2023/06/09 5:46 p.m.9 views

CVE-2021-45839

creationtimestamp| type| source ---|---|--- 2023-06-09 17:46:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/terramasterunauthrcecve202145837.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...

6.5CVSS7AI score0.09445EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2023/02/22 12:0 a.m.31 views

Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check

Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

9.8CVSS7.8AI score0.8405EPSS
Exploits15References4
OSV
OSV
added 2022/04/25 11:15 a.m.2 views

CVE-2021-45839

It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...

6.5CVSS5.8AI score0.09445EPSS
Exploits4References2
CVE
CVE
added 2022/04/25 12:0 a.m.197 views

CVE-2021-45839

CVE-2021-45839 affects TerraMaster TOS 4.2.x on F4-210/F2-210. The vulnerability enables disclosure of sensitive data by issuing a request to /module/api.php?mobile/webNasIPS, exposing the first administrator hash and other details (MAC address, internal IP). Connected documents describe an explo...

6.5CVSS7.6AI score0.09445EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder