2 matches found
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...
CVE-2021-45836
CVE-2021-45836 affects Terramaster F4-210 and F2-210 with TOS 4.2.X (4.2.15-2107141517). An authenticated attacker can inject a crafted input via /tos/index.php?app/hand_app to execute arbitrary commands as root. The vulnerability arises from the input handling in the affected application, enabli...