CVE-2021-30127
CVE-2021-30127 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Terra-Master | F2-210 Firmware | <= 2021-04-03 |
References
- https://kn100.me/terramaster-nas-exposing-itself-over-upnp/ (Exploit, Third Party Advisory)
- https://news.ycombinator.com/item?id=26681984 (Issue Tracking, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
