Thecus ® Patches

Below are patches I wrote for various Thecus® models to fix or work around issues in the firmware.

KKM-798736 - Remote File Inclusion in usr/getform.html

The 1.x and 2.x firmware is vulnerable to remote file inclusion (RFI) due to allow_url_fopen being enabled and arguments are not being checked prior to being used in file operations. Since the 3.x firmware uses a redesigned WebUI it is not affected by this vulnerability.

Increase PHP's memory_limit

This update changes the PHP memory_limit from it's default of 8MB to 32/64MB. the default of 8MB may cause the web disk to fail on large directories.


ClearModules is a pseudo firmware update package that renames the module installation folder /raid/data/module to allow it to rebuild on the next restart.