TerraMaster TOS 4.2.15-2107141517
Approved changes feed: RSS · Atom
cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*
part: o version: 4.2.15-2107141517 update: *
| Vendor | Terra Master (d89fe82a-9386-553b-9a83-7412a03e5915) |
|---|---|
| Product | Tos (d5bb3ff4-b89c-586d-8050-149b9baaebb8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-45842 |
vulnerable | 2026-06-03 14:45:39.033434 |
Details available
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint.
Published: 2022-04-25T10:21:12.000Z
Updated: 2024-08-04T04:54:30.695Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45841 |
vulnerable | 2026-06-03 14:45:39.033104 |
Details available
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest.
Published: 2022-04-25T00:00:00.000Z
Updated: 2024-08-04T04:54:30.853Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45840 |
vulnerable | 2026-06-03 14:45:39.032792 |
Details available
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
Published: 2022-04-25T10:25:41.000Z
Updated: 2024-08-04T04:54:30.926Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45839 |
vulnerable | 2026-06-03 14:45:39.032475 |
Details available
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint.
Published: 2022-04-25T00:00:00.000Z
Updated: 2024-08-04T04:54:31.406Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45837 |
vulnerable | 2026-06-03 14:45:39.032125 |
Details available
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
Published: 2022-04-25T00:00:00.000Z
Updated: 2024-08-04T04:54:31.222Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45836 |
vulnerable | 2026-06-03 14:45:39.030668 |
Details available
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
Published: 2022-04-25T10:41:38.000Z
Updated: 2024-08-04T04:54:29.486Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.