Kotsecon

**Name of the Vulnerable Software and Affected Versions** TerraMaster F2-210 devices through 2021-04-03 **Description** The issue concerns TerraMaster F2-210 devices making the admin web server accessible over the Internet on TCP port 8181 via UPnP, contrary to the documentation stating it is only available on the local network. **Recommendations** For TerraMaster F2-210 devices through 2021-04-03, consider manually editing /etc/upnp.json as a partial workaround, though it is undocumented.