PT-2022-12430 · Terramaster · Terramaster F4-210+2

N0Tme · Published 2022-04-25 · Updated 2023-08-08 · CVE-2021-45841

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Terramaster F4-210, F2-210 TOS versions 4.2.X (4.2.15-2107141517)

Description: The issue allows an attacker to self-sign session cookies if they know the target's MAC address and the user's password hash. Additionally, guest users, which are disabled by default, can be exploited using a null or empty hash, enabling an unauthenticated attacker to log in as a guest.

Recommendations: For Terramaster F4-210, F2-210 TOS version 4.2.15-2107141517, consider disabling guest user accounts to prevent exploitation. As a temporary workaround, restrict access to the login functionality until a patch is available. Avoid using null or empty hashes for guest users to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2021-45841

Affected Products

Tos
Terramaster F2-210
Terramaster F4-210