Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-48185
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote malicious user to obtain sensitive information via a crafted GET request.
Terra-mater Terra-master
668
VMScore
CVE-2021-30127
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json pr...
Terra-master F2-210 Firmware
1000
VMScore
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
1 Metasploit module
890
VMScore
CVE-2017-9328
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS prior to 3.0.34 leads to remote code execution as root.
Terra-master Terramaster Operating System
890
VMScore
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
Terra-master Tos 4.2.15-2107141517
801
VMScore
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
Terra-master Tos 4.2.15-2107141517
445
VMScore
CVE-2021-45842
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS...
Terra-master Tos 4.2.15-2107141517
578
VMScore
CVE-2019-18195
An issue exists on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
Terra-master F2-210 Firmware 4.0.19
1000
VMScore
CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
440
VMScore
CVE-2021-45839
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS...
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »