Sign-up

ID

VAR-202104-1074


CVE

CVE-2021-30127


TITLE

TerraMaster F2-210  Unauthorized authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-005353

DESCRIPTION

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. TerraMaster F2-210 The device contains a vulnerability related to unauthorized authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-30127 // JVNDB: JVNDB-2021-005353 // VULMON: CVE-2021-30127

AFFECTED PRODUCTS

vendor:terra mastermodel:f2-210scope:lteversion:2021-04-03

Trust: 1.0

vendor:terramastermodel:f2-210scope:lteversion:f2-210 firmware 2021/04/03 until

Trust: 0.8

vendor:terramastermodel:f2-210scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005353 // NVD: CVE-2021-30127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30127
value: HIGH

Trust: 1.0

NVD: CVE-2021-30127
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-129
value: HIGH

Trust: 0.6

VULMON: CVE-2021-30127
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-30127
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-30127
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-30127
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-30127 // JVNDB: JVNDB-2021-005353 // CNNVD: CNNVD-202104-129 // NVD: CVE-2021-30127

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005353 // NVD: CVE-2021-30127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-129

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-129

PATCH

title:top pageurl:https://www.terra-master.com/jp/

Trust: 0.8

title:TerraMaster F2-210 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146651

Trust: 0.6

sources: JVNDB: JVNDB-2021-005353 // CNNVD: CNNVD-202104-129

EXTERNAL IDS

db:NVDid:CVE-2021-30127

Trust: 3.3

db:JVNDBid:JVNDB-2021-005353

Trust: 0.8

db:CNNVDid:CNNVD-202104-129

Trust: 0.6

db:VULMONid:CVE-2021-30127

Trust: 0.1

sources: VULMON: CVE-2021-30127 // JVNDB: JVNDB-2021-005353 // CNNVD: CNNVD-202104-129 // NVD: CVE-2021-30127

REFERENCES

url:https://kn100.me/terramaster-nas-exposing-itself-over-upnp/

Trust: 2.5

url:https://news.ycombinator.com/item?id=26681984

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30127

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-30127 // JVNDB: JVNDB-2021-005353 // CNNVD: CNNVD-202104-129 // NVD: CVE-2021-30127

SOURCES

db:VULMONid:CVE-2021-30127
db:JVNDBid:JVNDB-2021-005353
db:CNNVDid:CNNVD-202104-129
db:NVDid:CVE-2021-30127

LAST UPDATE DATE

2024-11-23T23:11:06.014000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-30127date:2021-04-14T00:00:00
db:JVNDBid:JVNDB-2021-005353date:2021-12-13T08:21:00
db:CNNVDid:CNNVD-202104-129date:2022-07-14T00:00:00
db:NVDid:CVE-2021-30127date:2024-11-21T06:03:21.617

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-30127date:2021-04-03T00:00:00
db:JVNDBid:JVNDB-2021-005353date:2021-12-13T00:00:00
db:CNNVDid:CNNVD-202104-129date:2021-04-03T00:00:00
db:NVDid:CVE-2021-30127date:2021-04-03T18:15:11.983