VYPR

FS-210

by Terra Master

CVEs (6)

  • CVE-2021-45836Apr 25, 2022
    risk 0.00cvss epss 0.02

    An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.

  • CVE-2021-30127Apr 3, 2021
    risk 0.00cvss epss 0.01

    TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a…

  • CVE-2019-18195Oct 28, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.

  • CVE-2019-18383Oct 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.

  • CVE-2019-18384Oct 23, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.

  • CVE-2019-18385Oct 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.