I have a NAS F2-423 with the tos version 6.0.694...I'm very satisfied, especially with the support and service. I recently ran a simple Nmap vulnerable scan and was shocked at the number of vulnerabilities, some of which are publicly known and can be prevented with newer versions of certain services.
Nginx 1.18.0-vulnerabilities (CVEs wie CVE-2022-41741, CVE-2021-23017, CVE-2023-44487
Python 3.10.12-vulnerabilities (CVEs wie CVE-2024-7592, CVE-2024-6232 etc.).this are very highly dangerous exploits which you can check here: https://www.cve.org/CVERecord/SearchRes ... -2024-3094... there you can search for the mentioned ones .
the python vulnerabilty didnt exist in the 5.x version and i see it now with the tos version 6.... its not that much work to deliver a much higher sequrity which is a big thing especially for a nas.pleasae do a up to date version of nginx as soon as possible ..i did alreaday sent a few screenshot of my nmap results to the support and hope they will do the needed changes....as long i cant let my upnp open and need to close all the well beloved services of the nas to not get easily malware installed.
wish you all the best and am still a fan of tnas
cookiehacker
[Discussion] dangerous exploits which are already well know because of the damn old nginx version
- cookiehacker
- Posts: 1
- Joined: 10 Jun 2025, 00:02

Re: [Discussion] dangerous exploits which are already well know because of the damn old nginx version
Thank you for your feedback. I have forwarded this issue to our technical team, and they will conduct another verification.
Here's what I know about the current situation:
The Nginx 1.18.0 used in TOS 6.0.694 is the latest version officially maintained by Ubuntu 22.04. Ubuntu 22.04's maintenance mechanism delivers security patches through software repositories while keeping the major version number unchanged.
Your current scanning approach, which likely relies on version number matching, may produce false positives. We recommend reviewing your scanning methodology or using professional tools like Nessus that support patch-level vulnerability detection.
Our technical team will continue monitoring Ubuntu's official security updates to ensure all critical patches are promptly implemented in TOS. Other known vulnerabilities are scheduled to be fixed in this month's release. Should you discover any additional issues, please don't hesitate to contact us.
Here's what I know about the current situation:
The Nginx 1.18.0 used in TOS 6.0.694 is the latest version officially maintained by Ubuntu 22.04. Ubuntu 22.04's maintenance mechanism delivers security patches through software repositories while keeping the major version number unchanged.
Your current scanning approach, which likely relies on version number matching, may produce false positives. We recommend reviewing your scanning methodology or using professional tools like Nessus that support patch-level vulnerability detection.
Our technical team will continue monitoring Ubuntu's official security updates to ensure all critical patches are promptly implemented in TOS. Other known vulnerabilities are scheduled to be fixed in this month's release. Should you discover any additional issues, please don't hesitate to contact us.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement)
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement)
