CVE
CVE-2017-7494
2 field notes · 0 digests
Field notes
Analysis · May 20, 2026 · operations-desk
2017's other wormable file-share RCE, the one nobody remembers, is still on your NAS
Everyone remembers EternalBlue tearing through Windows SMB in 2017. The same year, Samba shipped a fix for SambaCry: upload a library to a writable share, trigger it, get root. It lives on in the NAS and IoT boxes that embed Samba and never update.
Analysis · May 20, 2026 · analysis-desk
A User-Agent string is not authentication, but TerraMaster's NAS treated it like one
To pull the admin password off a TerraMaster NAS, you sent a request with the header User-Agent: TNAS. The API recognized its own app's identifier and handed over the credentials. Chained to a second bug, that's unauthenticated root.