Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
7.5
CVSSv3
CVE-2019-18383
An issue exists on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
Terra-master Fs-210 Firmware 4.0.19
6.5
CVSSv3
CVE-2019-18384
An issue exists on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
Terra-master Fs-210 Firmware 4.0.19
7.5
CVSSv3
CVE-2019-18385
An issue exists on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
Terra-master Fs-210 Firmware 4.0.19
6.1
CVSSv3
CVE-2018-13334
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript via the "options[sysname]" parameter.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "pwd" parameter during user creation.
Terra-master Terramaster Operating System 3.1.03
6.1
CVSSv3
CVE-2018-13329
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript via the "lines" URL parameter.
Terra-master Terramaster Operating System 3.1.03
7.2
CVSSv3
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands during group creation via the "groupname" parameter.
Terra-master Terramaster Operating System 3.1.03
6.1
CVSSv3
CVE-2018-13331
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript when viewing users by placing JavaScript in their usernames.
Terra-master Terramaster Operating System 3.1.03
7.5
CVSSv3
CVE-2018-13332
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows malicious users to upload files to arbitrary locations via the "path" URL parameter.
Terra-master Terramaster Operating System 3.1.03
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »