4.0.19

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

terra-master

NVD

Published: 2021-04-03

Updated: 2022-07-12

Summary

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround.

Vulnerable Configurations

Part	Description	Count
OS	Terra-Master Terra Master F2 210 Firmware - Terra Master F2 210 Firmware 4.0.19 Terra Master F2 210 Firmware 2021-04-03	3
Hardware	Terra-Master Terra Master F2 210 -	1

References

https://kn100.me/terramaster-nas-exposing-itself-over-upnp/
https://news.ycombinator.com/item?id=26681984