7 matches found
TerraMaster TOS 4.2.15 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.', 'Description...
TerraMaster TOS 4.2.15 Remote Code Execution Exploit
This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. This module requires Metasploit: https://metasploit.com/download...
TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.
Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. CVE-2021-45839 is exploited to obtain the first administrator's hash set up on the system as we...
CVE-2021-45839
creationtimestamp| type| source ---|---|--- 2023-06-09 17:46:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/terramasterunauthrcecve202145837.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...
Terramaster TOS < 4.2.31 Multiple Information Disclosure Vulnerabilities - Active Check
Terramaster TOS is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
CVE-2021-45839
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...
CVE-2021-45839
CVE-2021-45839 affects TerraMaster TOS 4.2.x on F4-210/F2-210. The vulnerability enables disclosure of sensitive data by issuing a request to /module/api.php?mobile/webNasIPS, exposing the first administrator hash and other details (MAC address, internal IP). Connected documents describe an explo...