CVE-2021-45837

Name of the Vulnerable Software and Affected Versions Terramaster F4-210, F2-210 TOS version 4.2.X (4.2.15-2107141517)

Description The issue allows for the execution of arbitrary commands as root by sending a specifically crafted input to the "/tos/index.php?app/del" API endpoint.

Recommendations For Terramaster F4-210, F2-210 TOS version 4.2.X (4.2.15-2107141517), as a temporary workaround, consider restricting access to the "/tos/index.php?app/del" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.