Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master tos vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
Terra-master Tos 4.2.15-2107141517
9
CVSSv2
CVE-2018-13356
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to elevate user permissions.
Terra-master Terramaster Operating System 3.1.03
9
CVSSv2
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows malicious users to execute system commands via the "newname" parameter.
Terra-master Terramaster Operating System 3.1.03
9
CVSSv2
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands during group creation via the "groupname" parameter.
Terra-master Terramaster Operating System 3.1.03
9
CVSSv2
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute commands via the "checkport" parameter.
Terra-master Terramaster Operating System 3.1.03
9
CVSSv2
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "checkName" parameter.
Terra-master Terramaster Operating System 3.1.03
7.5
CVSSv2
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute SQL queries via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
6.8
CVSSv2
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated ...
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
6.8
CVSSv2
CVE-2020-28186
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated malicious users to abuse the forget password functionality and achieve account takeover.
Terra-master Tos
6.8
CVSSv2
CVE-2018-13359
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript via the "modgroup" parameter.
Terra-master Terramaster Operating System 3.1.03
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »