
Alleged sale of 0-day vulnerability affecting TerraMaster NAS – Pre-Auth Remote Code Execution

Disclaimer
This report includes actual screenshots and/or text that may include unredacted personally identifiable information (PII) gathered from publicly available sources. The sensitive information presented within this report is intended solely for cybersecurity awareness and threat intelligence purposes. Dark Web Informer explicitly condemns unauthorized access, distribution, or misuse of the personal data displayed or referenced here. Users must treat exposed data responsibly and ethically.


📌 Overview

A threat actor operating under the alias skart7 has posted a listing offering a zero-day remote code execution (RCE) exploit targeting TerraMaster NAS devices. The exploit requires no authentication or user interaction, and is said to work on all versions of TOS 4 and TOS 5, including the latest releases. If real, this vulnerability could allow attackers to obtain full root access on affected devices remotely.


📊 Key Details

| Attribute | Information |
|---|---|
| Date | 2025-06-02, 08:54:00 PM |
| Threat Actor | skart7 |
| Victim Country | China |
| Industry | Computer & Network Security |
| Organization | TerraMaster |
| Victim Site | terra-master.com |
| Category | Vulnerability |
| Severity | Low (unconfirmed 0-day with unknown spread) |
| Network | openweb |


🔗 Claim Post (Plain Text)

https://forum.exploit.in/topic/260187/


📢 Threat Actor’s Claim

Exploit Details:

  • Target: TerraMaster NAS (TOS 4 and 5, all versions)
  • Exploit Type: Pre-authentication Remote Code Execution
  • Privileges Required: None
  • Privileges Gained: Full root access to NAS device
  • Exploit Reliability: 100% (claimed)
  • User Interaction: None
  • Vulnerability Count: 3 underlying issues exploited
  • Compatibility: Works under default settings
  • Multi-Version Support: All TOS 4 & 5 releases, including the latest

Other Info:

  • Forum escrow supported
  • TOX and Session contact IDs provided for transaction
  • Request for “serious buyers only”

⚔️ Tactics, Techniques, and Procedures (TTPs)

| Tactic | Technique ID | Description |
|---|---|---|
| Initial Access | T1190 | Exploit Public-Facing Application – Remote attack via NAS web UI |
| Execution | T1059 | Command and Scripting Interpreter – Achieve RCE on Linux target |
| Privilege Escalation | T1068 | Exploitation of Vulnerability – Root-level access on NAS devices |

🚨 Potential Risks

  • Full device takeover of unpatched TerraMaster NAS devices
  • Remote exfiltration or ransomware deployment without user interaction
  • Exploit resale or integration into botnets targeting SMB/home NAS environments
  • Possible zero-day status requiring vendor-side investigation

Recommended Actions:

  • Monitor for incoming traffic to NAS ports from unfamiliar IPs
  • Temporarily restrict WAN-facing NAS interfaces
  • Contact TerraMaster support for official security bulletins
  • Conduct firmware integrity and patch validation
  • Track and monitor exploit forums for proof-of-concept or resale

💡 Final Thoughts

If validated, this pre-authentication RCE affecting TerraMaster TOS 4 and 5 presents a significant threat to SOHO and SMB environments using NAS solutions. Its combination of stealth, privilege escalation, and reliability makes it highly desirable for actors in need of persistence or lateral movement capabilities.

