Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.7 views

CVE-2021-45841

In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...

8.1CVSS7.1AI score0.08289EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.452 views

TerraMaster TOS 4.2.15 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.', 'Description...

10CVSS7.1AI score0.15727EPSS
Exploits6
0day.today
0day.today
added 2023/06/12 12:0 a.m.368 views

TerraMaster TOS 4.2.15 Remote Code Execution Exploit

This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. This module requires Metasploit: https://metasploit.com/download...

9.8CVSS7.5AI score0.15727EPSS
Exploits6
Metasploit
Metasploit
added 2023/06/09 7:50 p.m.340 views

TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.

Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. CVE-2021-45839 is exploited to obtain the first administrator's hash set up on the system as we...

10CVSS8.6AI score0.15727EPSS
Exploits6
Circl
Circl
added 2023/06/09 5:46 p.m.11 views

CVE-2021-45841

creationtimestamp| type| source ---|---|--- 2023-06-09 17:46:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/terramasterunauthrcecve202145837.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...

8.1CVSS8.8AI score0.08289EPSS
Exploits4References1
CVE
CVE
added 2022/04/25 12:0 a.m.197 views

CVE-2021-45841

TerraMaster F4-210 and F2-210 running TOS 4.2.x (4.2.15-2107141517) are affected by CVE-2021-45841, enabling an attacker to self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest accounts (disabled by default) can be abused with a null/empty hash to log ...

8.1CVSS8.9AI score0.08289EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder