Description: TerraMaster TOS V3.X.X-V4.1.X password recovery function is defective. An attacker can receive a verification code by forging a mailbox and can reset the administrator user's password.
Vulnerability Name: TerraMaster TOS V3.X.X-V4.1.X Password recovery function is defective
Product Homepage: https://www.terra-master.com
Version: V3.X.X-V4.1.X
1. Password recovery URL: http://xx.xx.xx.xx:8181/wizard/getpass.php
2. After the username is filled in, the correct email address is returned.
3. Open the packet capture and click Send Verification Code; change the admin's mailbox that correctly receives the verification code to a fake mailbox.
4. The correct verification code is received successfully.
5. Submit a new password and submit the modification request.
6. The password modification request is submitted successfully.
7. Log in to the system successfully.
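The weakness the steps above describe, written out as an added example (this is not TerraMaster's code and is not derived from getpass.php): a generic password-recovery handler in Python in the weak form, where the recipient mailbox is taken from the client's request, beside a hardened form that reads the mailbox from the stored account record, ignores any client-supplied address, answers uniformly for unknown accounts, and treats codes as short-lived and single-use. The user store, the mail transport and the form field names are constructed for illustration.

```python
import hmac
import secrets
import time

# Constructed account store standing in for the NAS user database (assumption:
# one recovery mailbox is stored per account).
USERS = {
    "admin": {"email": "owner@example.com"},
}

# Pending recovery codes: username -> (code, expiry timestamp)
PENDING = {}
CODE_TTL_SECONDS = 600


def send_mail(mailbox, code, outbox):
    """Stand-in mail transport: records (recipient, code) instead of sending."""
    outbox.append((mailbox, code))


def new_code():
    """Six-digit code from a CSPRNG; the value is never echoed to the client."""
    return f"{secrets.randbelow(10**6):06d}"


def vulnerable_send_code(form, outbox):
    """Weak pattern from the advisory: the recipient mailbox is read from the
    request, so whoever edits the request decides who receives the code."""
    username = form["username"]
    if username not in USERS:
        return False  # also leaks whether the account exists
    code = new_code()
    PENDING[username] = (code, time.time() + CODE_TTL_SECONDS)
    send_mail(form["email"], code, outbox)  # client-supplied mailbox
    return True


def hardened_send_code(form, outbox):
    """Corrected pattern: the mailbox comes only from the stored account
    record; an 'email' field in the request is ignored entirely."""
    username = form.get("username", "")
    user = USERS.get(username)
    # Same response for unknown accounts, so the form cannot be used to
    # enumerate usernames or to learn the administrator's address.
    if user is None:
        return True
    code = new_code()
    PENDING[username] = (code, time.time() + CODE_TTL_SECONDS)
    send_mail(user["email"], code, outbox)
    return True


def verify_code(username, submitted, now=None):
    """Constant-time comparison with expiry; a code is consumed on success."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False
    code, expires = entry
    if now > expires:
        del PENDING[username]
        return False
    if not hmac.compare_digest(code, submitted):
        return False
    del PENDING[username]
    return True


if __name__ == "__main__":
    sent = []
    hardened_send_code({"username": "admin", "email": "other@example.net"}, sent)
    print("code delivered to:", sent[-1][0])  # the stored mailbox, not the form value
```

The design point is that the server must never let the request choose the delivery address: the only trustworthy link between an account and its mailbox is the one recorded when the account was set up. Answering unknown usernames exactly like known ones closes the address disclosure the advisory's step 2 describes, and expiry plus single use limit what a code is worth if it is ever observed.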
Default Port: 8181
X-Powered-By: TerraMaster
Server: TOS/1.X.X
At least 10,000 devices worldwide are affected.
http://216.246.156.70:8181/wizard/getpass.php
http://73.53.49.147:8181/wizard/getpass.php
http://221.214.197.123:8181/wizard/getpass.php
http://81.159.86.207:8181/wizard/getpass.php
http://24.47.71.239:8181/wizard/getpass.php
http://174.52.100.60:8181/wizard/getpass.php
http://123.134.153.13:8181/wizard/getpass.php
http://68.33.58.49:8181/wizard/getpass.php