[Discussion] dangerous exploits which are already well know because of the damn old nginx version

The discussion here is limited to topics related to the system update itself. Please post the functional issues after the system update to the corresponding other forums.
Post Reply
User avatar
cookiehacker
Posts: 1
Joined: 10 Jun 2025, 00:02
Thailand

[Discussion] dangerous exploits which are already well know because of the damn old nginx version

Post by cookiehacker »

I have a NAS F2-423 with the tos version 6.0.694...I'm very satisfied, especially with the support and service. I recently ran a simple Nmap vulnerable scan and was shocked at the number of vulnerabilities, some of which are publicly known and can be prevented with newer versions of certain services.
Nginx 1.18.0-vulnerabilities (CVEs wie CVE-2022-41741, CVE-2021-23017, CVE-2023-44487
Python 3.10.12-vulnerabilities (CVEs wie CVE-2024-7592, CVE-2024-6232 etc.).this are very highly dangerous exploits which you can check here: https://www.cve.org/CVERecord/SearchRes ... -2024-3094... there you can search for the mentioned ones .
the python vulnerabilty didnt exist in the 5.x version and i see it now with the tos version 6.... its not that much work to deliver a much higher sequrity which is a big thing especially for a nas.pleasae do a up to date version of nginx as soon as possible ..i did alreaday sent a few screenshot of my nmap results to the support and hope they will do the needed changes....as long i cant let my upnp open and need to close all the well beloved services of the nas to not get easily malware installed.


wish you all the best and am still a fan of tnas

cookiehacker
User avatar
RyanYang
TM Support
Posts: 1141
Joined: 01 Dec 2020, 11:50
China

Re: [Discussion] dangerous exploits which are already well know because of the damn old nginx version

Post by RyanYang »

Thank you for your feedback. I have forwarded this issue to our technical team, and they will conduct another verification.

Here's what I know about the current situation:
The Nginx 1.18.0 used in TOS 6.0.694 is the latest version officially maintained by Ubuntu 22.04. Ubuntu 22.04's maintenance mechanism delivers security patches through software repositories while keeping the major version number unchanged.

Your current scanning approach, which likely relies on version number matching, may produce false positives. We recommend reviewing your scanning methodology or using professional tools like Nessus that support patch-level vulnerability detection.

Our technical team will continue monitoring Ubuntu's official security updates to ensure all critical patches are promptly implemented in TOS. Other known vulnerabilities are scheduled to be fixed in this month's release. Should you discover any additional issues, please don't hesitate to contact us.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement)
Post Reply

Return to “System Update”