TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. A security vulnerability exists in TerraMaster TOS, which can be exploited by an attacker executing a request to the /module/api.php?mobile/webNasIPS...
TerraMaster TOS Security Vulnerability
TerraMaster TOS is a Linux-based operating system from China's TerraMaster, dedicated to the TerraMaster Cloud Storage NAS server. TerraMaster TOS has a security vulnerability that can be exploited by sending special input to /tos/index.php?app/del to execute arbitrary commands as root. The...
TerraMaster FS-210 Security Vulnerability
The TerraMaster FS-210 is a NAS (Network Attached Storage) device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...
PT-2022-12430 · Terramaster · Terramaster F2-210 +2
Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS versions 4.2.X 4.2.15-2107141517 Description: The issue allows an attacker to self-sign session cookies if they know the target's MAC address and the user's password hash. Additionally, guest users, which are...
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...
CVE-2021-45839
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...
CVE-2021-45837
TerraMaster F4-210/F2-210 devices running TOS 4.2.x (4.2.15-2107141517) are affected by CVE-2021-45837, which allows executing arbitrary commands as root via a specially crafted input to /tos/index.php?app/del. The vulnerability is part of an RCE chain described across multiple sources (including...
CVE-2021-45841
TerraMaster F4-210 and F2-210 running TOS 4.2.x (4.2.15-2107141517) are affected by CVE-2021-45841, enabling an attacker to self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest accounts (disabled by default) can be abused with a null/empty hash to log ...
CVE-2021-45839
CVE-2021-45839 affects TerraMaster TOS 4.2.x on F4-210/F2-210. The vulnerability enables disclosure of sensitive data by issuing a request to /module/api.php?mobile/webNasIPS, exposing the first administrator hash and other details (MAC address, internal IP). Connected documents describe an explo...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
It is an exploit module for CVE-2022-24990, a TerraMaster TOS Un...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
It is an exploit module for a remote command execution vulnerabi...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
CVE-2022-24990 CVE-2022-24990 TerraMaster TOS unauthenticate...
TerraMaster TOS Identity Bypass Vulnerability
TerraMaster is a world-renowned professional storage brand. TerraMaster TOS identity bypass vulnerability can be exploited by attackers to gain server privileges...
Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking
Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage TNAS devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating Syste...
Terramaster TOS 4.2.15 - Remote Code Execution Exploit
Exploit Title: Terramaster TOS 4.2.15 - Remote Code Execution RCE Unauthenticated Exploit Author: n0tme thatsn0tmysite Full Write-Up: https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ Vendor Homepage: https://www.terra-master.com/ Version: TOS 4.2.X 4.2.15-2107141517 Tested on: 4.2.15,...
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Terramaster TOS 4.2.15 - Remote Code Execution RCE Unauthenticated Date: 12/24/2021 Exploit Author: n0tme thatsn0tmysite Full Write-Up: https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ Vendor Homepage: https://www.terra-master.com/ Version: TOS 4.2.X 4.2.15-2107141517 Test...
TerraMaster F4-210 / F2-210 Remote Code Execution Exploit
Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected. /bin/env python """ Product: Terramaster F4-210, Terramaster F2-210 Version: TOS...
Terramaster F4-210 / F2-210 Remote Code Execution
/bin/env python """ Product: Terramaster F4-210, Terramaster F2-210 Version: TOS 4.2.X 4.2.15-2107141517 Author: n0tme thatsn0tmysite Description: Chain from unauthenticated to root via session crafting. """ import urllib3 import requests import json import argparse import hashlib import time...
Weak password vulnerability in TOPSEC TOS WEB ADMINISTRATOR of Beijing Tianrongxin Technology Co.
Beijing Tianrongxin Technology Co., Ltd. is a leading provider of network security, big data and cloud services in China. A weak password vulnerability exists in TOPSEC TOS WEB ADMINISTRATOR of Beijing Tianrongxin Technology Co. Ltd, which can be exploited by attackers to obtain sensitive...
Tengfox TOS Behavioral Management System suffers from SQL Injection Vulnerability
Shenzhen Tengxu IOT Technology Co., Ltd. is an Internet technology company integrating R&D, design, manufacture, sales and service of commercial wireless network products. Tengfox TOS Behavior Management System has a SQL injection vulnerability, which can be exploited by attackers to obtain...