An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
terra-master tos 4.2.15-2107141517 |