Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master terramaster operating system vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
9.8
CVSSv3
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
1 Metasploit module
9.8
CVSSv3
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "pwd" parameter during user creation.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13338
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "username" parameter during user creation.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute SQL queries via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2017-9328
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS prior to 3.0.34 leads to remote code execution as root.
Terra-master Terramaster Operating System
8.8
CVSSv3
CVE-2018-13359
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript via the "modgroup" parameter.
Terra-master Terramaster Operating System 3.1.03
8.8
CVSSv3
CVE-2018-13356
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to elevate user permissions.
Terra-master Terramaster Operating System 3.1.03
8.8
CVSSv3
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows malicious users to execute system commands via the "newname" parameter.
Terra-master Terramaster Operating System 3.1.03
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »