36 matches found
EUVD-2021-17067
Malware in sbrugna...
EUVD-2021-32560
Malicious code in bioql PyPI...
EUVD-2021-32554
Malicious code in bioql PyPI...
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...
CVE-2021-30127
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but...
VulnCheck KEV: CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...
CVE-2021-45839
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...
CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...
Default configuration
In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...
Design/Logic Flaw
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...
Design/Logic Flaw
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...
CVE-2021-45842
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint...
CVE-2021-45842
The CVE-2021-45842 issue affects Terramaster TOS on F4-210 and F2-210 devices running 4.2.X (4.2.15-2107141517). A request to the endpoint /module/api.php?mobile/wapNasIPS can disclose sensitive data, including the first administrator hash and other network identifiers (MAC address, internal IP)....
TerraMaster FS-210 security vulnerability
The TerraMaster FS-210 is a NAS (Network Attached Storage) device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...