FS-210
by Terra Master
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45836 | 0.00 | — | 0.02 | Apr 25, 2022 | An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | |||
| CVE-2021-30127 | 0.00 | — | 0.01 | Apr 3, 2021 | TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a… | |||
| CVE-2019-18195 | 0.00 | — | 0.02 | Oct 28, 2019 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | |||
| CVE-2019-18383 | 0.00 | — | 0.02 | Oct 23, 2019 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission. | |||
| CVE-2019-18384 | 0.00 | — | 0.01 | Oct 23, 2019 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring. | |||
| CVE-2019-18385 | 0.00 | — | 0.02 | Oct 23, 2019 | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. |
- CVE-2021-45836Apr 25, 2022risk 0.00cvss —epss 0.02
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
- CVE-2021-30127Apr 3, 2021risk 0.00cvss —epss 0.01
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a…
- CVE-2019-18195Oct 28, 2019risk 0.00cvss —epss 0.02
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
- CVE-2019-18383Oct 23, 2019risk 0.00cvss —epss 0.02
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
- CVE-2019-18384Oct 23, 2019risk 0.00cvss —epss 0.01
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
- CVE-2019-18385Oct 23, 2019risk 0.00cvss —epss 0.02
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.