PT-2024-25958 · Terramaster · Terramaster Tos
Shinnai · Published 2024-06-14 · Updated 2024-07-03 · CVE-2024-34539
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
TerraMaster TOS firmware versions through 5.1
Description
The issue concerns hardcoded credentials in the firmware, which allow a remote attacker to log in to the mail or webmail server. These credentials can also be used to access the administration panel and perform privileged actions.
Recommendations
For TerraMaster TOS firmware versions through 5.1, update to a version that removes the hardcoded credentials to prevent unauthorized access.
As a temporary workaround, consider restricting access to the administration panel and mail or webmail servers to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Terramaster Tos