Just to let you know guys that it is normal to be infected. This TerraMaster NAS is an extremely BIG hole of vulnerabilities.
This is a report of the UPnP service (which is the basic service that I have up and running):
49152/tcp open upnp Portable SDK for UPnP devices 1.6.22 (Linux 4.13.16; UPnP 1.0)
| vulners:
| cpe:/o:linux:linux_kernel:4.13.16:
| CVE-2019-14901 10.0 https://vulners.com/cve/CVE-2019-14901
| PACKETSTORM:135372 9.3 https://vulners.com/packetstorm/PACKETSTORM:135372 *EXPLOIT*
| CVE-2018-20836 9.3 https://vulners.com/cve/CVE-2018-20836
| CVE-2015-0571 9.3 https://vulners.com/cve/CVE-2015-0571
| CVE-2015-0570 9.3 https://vulners.com/cve/CVE-2015-0570
| CVE-2015-0569 9.3 https://vulners.com/cve/CVE-2015-0569
| 1337DAY-ID-25771 9.3 https://vulners.com/zdt/1337DAY-ID-25771 *EXPLOIT*
| CVE-2019-11477 7.8 https://vulners.com/cve/CVE-2019-11477
| CVE-2018-5391 7.8 https://vulners.com/cve/CVE-2018-5391
| CVE-2018-5390 7.8 https://vulners.com/cve/CVE-2018-5390
| EXPLOITPACK:669B77DE42FC41B271BD53577DECE916 7.5 https://vulners.com/exploitpack/EXPLOIT ... 577DECE916 *EXPLOIT*
| CVE-2019-14895 7.5 https://vulners.com/cve/CVE-2019-14895
| CVE-2019-14835 7.2 https://vulners.com/cve/CVE-2019-14835
| CVE-2018-8781 7.2 https://vulners.com/cve/CVE-2018-8781
| CVE-2018-6555 7.2 https://vulners.com/cve/CVE-2018-6555
| CVE-2018-14619 7.2 https://vulners.com/cve/CVE-2018-14619
| CVE-2018-1068 7.2 https://vulners.com/cve/CVE-2018-1068
| CVE-2017-15115 7.2 https://vulners.com/cve/CVE-2017-15115
| EXPLOITPACK:D8B1BFCB08D0FAA92CCBDBD01EF88A3F 6.9 https://vulners.com/exploitpack/EXPLOIT ... D01EF88A3F *EXPLOIT*
| EDB-ID:44305 6.9 https://vulners.com/exploitdb/EDB-ID:44305 *EXPLOIT*
| CVE-2020-10757 6.9 https://vulners.com/cve/CVE-2020-10757
| CVE-2018-5814 6.9 https://vulners.com/cve/CVE-2018-5814
| CVE-2017-1000405 6.9 https://vulners.com/cve/CVE-2017-1000405
| CVE-2018-18559 6.8 https://vulners.com/cve/CVE-2018-18559
| CVE-2018-1000026 6.8 https://vulners.com/cve/CVE-2018-1000026
| CVE-2018-1000204 6.3 https://vulners.com/cve/CVE-2018-1000204
| CVE-2017-1000407 6.1 https://vulners.com/cve/CVE-2017-1000407
| CVE-2019-19332 5.6 https://vulners.com/cve/CVE-2019-19332
| CVE-2019-18282 5.0 https://vulners.com/cve/CVE-2019-18282
| CVE-2019-16921 5.0 https://vulners.com/cve/CVE-2019-16921
| CVE-2019-11478 5.0 https://vulners.com/cve/CVE-2019-11478
| CVE-2019-10639 5.0 https://vulners.com/cve/CVE-2019-10639
| CVE-2018-6412 5.0 https://vulners.com/cve/CVE-2018-6412
| CVE-2018-16871 5.0 https://vulners.com/cve/CVE-2018-16871
| CVE-2017-1000410 5.0 https://vulners.com/cve/CVE-2017-1000410
| CVE-2018-6554 4.9 https://vulners.com/cve/CVE-2018-6554
| CVE-2018-5803 4.9 https://vulners.com/cve/CVE-2018-5803
| CVE-2018-18690 4.9 https://vulners.com/cve/CVE-2018-18690
| CVE-2018-14646 4.9 https://vulners.com/cve/CVE-2018-14646
| CVE-2018-1130 4.9 https://vulners.com/cve/CVE-2018-1130
| CVE-2018-10074 4.9 https://vulners.com/cve/CVE-2018-10074
| CVE-2018-10021 4.9 https://vulners.com/cve/CVE-2018-10021
| CVE-2010-5321 4.9 https://vulners.com/cve/CVE-2010-5321
| 1337DAY-ID-31841 4.9 https://vulners.com/zdt/1337DAY-ID-31841 *EXPLOIT*
| 1337DAY-ID-31840 4.9 https://vulners.com/zdt/1337DAY-ID-31840 *EXPLOIT*
| PACKETSTORM:141914 4.6 https://vulners.com/packetstorm/PACKETSTORM:141914 *EXPLOIT*
| EDB-ID:41761 4.6 https://vulners.com/exploitdb/EDB-ID:41761 *EXPLOIT*
| CVE-2020-14390 4.6 https://vulners.com/cve/CVE-2020-14390
| CVE-2018-20976 4.6 https://vulners.com/cve/CVE-2018-20976
| CVE-2018-20854 4.6 https://vulners.com/cve/CVE-2018-20854
| CVE-2018-18281 4.6 https://vulners.com/cve/CVE-2018-18281
| CVE-2018-10853 4.6 https://vulners.com/cve/CVE-2018-10853
Bad thing about this NAS is that the setup just sucks, there is no chance to create a firewall and there are no clear rules to block ALL incoming traffic from outside.
My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
- sianderson
Re: My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
While I am sure you are correct from an inside network scan, from my understanding these are only susceptible by someone opening a port from the outside world directly to the NAS drive (but also interestingly a couple of those on your list refer to Wifi Chipset, I'm not aware the F2-210 has a wifi chipset on it?) so I'm wondering if your scan is getting confused or just listing general vulnerabilities with the Kernel version rather than actual risks posed by the NAS unit itself?
I understand UPnP concepts and the only port that my F2-210 had opened up on my router was for PLEX when I accidentally said yes to asking for it to be accessible to the outside world. Other than that no one is able to access the NAS drive from the internet. I guess perhaps the more sensible option would be for internet service providers to turn off UPnP by default on the router to make things more secure and only enable it for people who want to use that feature, but that is more about the ISP making a network insecure rather than a reflection on TM.
I have just noticed there is a beta version of a new TOS version that uses a newer kernel (at least for x86 models) so TM are moving in the right direction, which I assume once this becomes mainstream would reduce your scan list.
F2-210
4.2.43
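The question raised in the post above, whether the scan lists general kernel-version matches rather than findings on the UPnP service itself, can be checked from the output: every row sits under a CPE line. The following is an added example, not part of the thread, that groups the rows by that CPE over a shortened excerpt of the scan posted earlier; the function names are this example's own.

```python
import re
from collections import defaultdict

# Shortened excerpt of the scan output posted in this thread.
SAMPLE = """\
49152/tcp open upnp Portable SDK for UPnP devices 1.6.22 (Linux 4.13.16; UPnP 1.0)
| vulners:
| cpe:/o:linux:linux_kernel:4.13.16:
| CVE-2019-14901 10.0 https://vulners.com/cve/CVE-2019-14901
| PACKETSTORM:135372 9.3 https://vulners.com/packetstorm/PACKETSTORM:135372 *EXPLOIT*
| CVE-2019-11477 7.8 https://vulners.com/cve/CVE-2019-11477
| EDB-ID:44305 6.9 https://vulners.com/exploitdb/EDB-ID:44305 *EXPLOIT*
| CVE-2018-10853 4.6 https://vulners.com/cve/CVE-2018-10853
"""

# A CPE header line: the second field is the CPE "part" (a, o or h).
CPE_RE = re.compile(r"^\|[\s_]*(cpe:/([aho]):\S+?):?\s*$")
# A finding row: identifier, score, URL, optional *EXPLOIT* tag.
ROW_RE = re.compile(
    r"^\|[\s_]*(\S+)\s+(\d+(?:\.\d+)?)\s+(https?://\S+)(\s+\*EXPLOIT\*)?\s*$")
PART = {"a": "application", "o": "operating system", "h": "hardware"}

def triage(text):
    """Group finding rows under the CPE line they appear beneath."""
    groups, current = defaultdict(list), None
    for line in text.splitlines():
        m = CPE_RE.match(line)
        if m:
            current = (m.group(1), PART[m.group(2)])
            continue
        m = ROW_RE.match(line)
        if m and current:
            groups[current].append({"id": m.group(1),
                                    "score": float(m.group(2)),
                                    "exploit": bool(m.group(4))})
    return dict(groups)

def summarize(groups):
    """Per CPE: component kind, row count, top score, exploit-tagged ids."""
    return [{"cpe": cpe, "kind": kind, "rows": len(rows),
             "max_score": max(r["score"] for r in rows),
             "exploit_ids": [r["id"] for r in rows if r["exploit"]]}
            for (cpe, kind), rows in groups.items()]

if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE)):
        print(entry)
```

In this excerpt the only CPE is the Linux kernel one (`cpe:/o:...`), so every row is a match on kernel version 4.13.16 and none is keyed to the UPnP SDK reported on port 49152.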
Re: My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
@cocoykira
To contact our team, please send an email to the following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
@TMroy
I have installed all latest updates. How do I install the patch 1.04?
sianderson wrote: ↑07 Feb 2021, 19:20 while I am sure you are correct from an inside network scan, from my understanding these are only susceptible by someone opening a port from the outside world directly to the NAS drive (but also interestingly a couple of those on your list refer to Wifi Chipset, I'm not aware the F2-210 has a wifi .....
You are right, this is a scan from inside the network. But vulnerabilities are there and it is just a matter of having a device vulnerable in your network to do the jump to other ones. Let's hope that they spend time on fixing their problems.
Re: My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
@cocoykira
Hello,
You can refer to this link: viewtopic.php?f=28&t=1559
To contact our team, please send an email to the following addresses, remember to replace (at) with @:
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement)
Re: My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
@TMRyan
many thanks, updated now!!!