CVE-2021-30127

Published: Apr 3, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround.

Affected (1)

Products: Terra Master: F2 210 Firmware

1 product

F2 210 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Terra Master F2 210 Firmware	Up to 2021-04-03

Running on/with	Platform Versions
Terra Master F2 210	All versions

References (4)

https://kn100.me/terramaster-nas-exposing-itself-over-upnp/

Source: cve@mitre.org

ExploitThird Party Advisory

https://news.ycombinator.com/item?id=26681984

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://kn100.me/terramaster-nas-exposing-itself-over-upnp/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://news.ycombinator.com/item?id=26681984

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.