Re: My TerraMaster F2-210 has been infected by Ransomware eCh0raix / QNAPCrypt
Posted: 06 Feb 2021, 18:50
Just to let you know, guys, that it is normal to be infected. This TerraMaster NAS is an extremely BIG hole of vulnerabilities.
This is a report of the UPnP service (which is the basic service that I have up and running):
49152/tcp open upnp Portable SDK for UPnP devices 1.6.22 (Linux 4.13.16; UPnP 1.0)
| vulners:
| cpe:/o:linux:linux_kernel:4.13.16:
The bad thing about this NAS is that the setup just sucks: there is no chance to create a firewall, and there are no clear rules to block ALL incoming traffic from outside.