ID

VAR-201706-1134


TITLE

TerraMaster NAS TOS arbitrary command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-12242

DESCRIPTION

TerraMaster is a high-end professional storage development and sales company headquartered in New York, USA. It has more than 16 years of history and is a well-known professional storage brand in the United States. A security vulnerability exists in TerraMaster NAS TOS version 3.0.30 and below. It allows an attacker to execute commands without logging in or being authorized.

Trust: 0.6

sources: CNVD: CNVD-2017-12242

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-12242

AFFECTED PRODUCTS

vendor: terramaster
model: nas tos
scope: lte
version: <=3.0.30

Trust: 0.6

sources: CNVD: CNVD-2017-12242

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-12242
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-12242
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-12242

EXTERNAL IDS

db: CNVD
id: CNVD-2017-12242

Trust: 0.6

sources: CNVD: CNVD-2017-12242

REFERENCES

url: https://www.evilsocket.net/2017/05/30/terramaster-nas-unauthenticated-rce-as-root/

Trust: 0.6

sources: CNVD: CNVD-2017-12242

SOURCES

db: CNVD
id: CNVD-2017-12242

LAST UPDATE DATE

2022-05-04T10:04:42.187000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-12242
date: 2017-06-30T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-12242
date: 2017-06-30T00:00:00