CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
References
Link Resource
https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:terra-master:tos:4.2.15-2107141517:*:*:*:*:*:*:*
OR cpe:2.3:h:terra-master:f2-210:-:*:*:*:*:*:*:*
cpe:2.3:h:terra-master:f4-210:-:*:*:*:*:*:*:*

Information

Published : 2022-04-25 04:15

Updated : 2022-05-05 05:40


NVD link : CVE-2021-45836

Mitre link : CVE-2021-45836


JSON object : View

Advertisement

dedicated server usa

Products Affected

terra-master

  • tos
  • f2-210
  • f4-210