PT-2021-18618 · Terramaster · Terramaster F2-210

Kotsecon

Published

2021-04-03

Updated

2022-07-12

CVE-2021-30127

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions TerraMaster F2-210 devices through 2021-04-03

Description The issue concerns TerraMaster F2-210 devices making the admin web server accessible over the Internet on TCP port 8181 via UPnP, contrary to the documentation stating it is only available on the local network.

Recommendations For TerraMaster F2-210 devices through 2021-04-03, consider manually editing /etc/upnp.json as a partial workaround, though it is undocumented.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-30127

Affected Products

Terramaster F2-210

PT-2021-18618 · Terramaster · Terramaster F2-210

CVE-2021-30127

Related Identifiers

Affected Products

References · 5