Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master tos vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2018-13337
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows malicious users to control users' session cookies via JavaScript.
Terra-master Terramaster Operating System 3.1.03
5.5
CVSSv2
CVE-2020-29189
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated malicious users to bypass read-only restriction and obtain full access to any folder within the NAS
Terra-master Tos
5
CVSSv2
CVE-2021-45842
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS...
Terra-master Tos 4.2.15-2107141517
5
CVSSv2
CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated malicious users to identify valid users within the system via the username parameter to wizard/initialise.php.
Terra-master Tos
5
CVSSv2
CVE-2018-13352
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows malicious users to view active session tokens in a world-readable directory.
Terra-master Terramaster Operating System 3.1.03
5
CVSSv2
CVE-2018-13361
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows malicious users to list all system users via the "modgroup" parameter.
Terra-master Terramaster Operating System 3.1.03
5
CVSSv2
CVE-2018-13332
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows malicious users to upload files to arbitrary locations via the "path" URL parameter.
Terra-master Terramaster Operating System 3.1.03
4.3
CVSSv2
CVE-2020-28190
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.
Terra-master Tos
4.3
CVSSv2
CVE-2018-13331
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript when viewing users by placing JavaScript in their usernames.
Terra-master Terramaster Operating System 3.1.03
4.3
CVSSv2
CVE-2018-13333
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
Terra-master Terramaster Operating System 3.1.03
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »