Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-18195
An issue exists on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
Terra-master F2-210 Firmware 4.0.19
9
CVSSv2
CVE-2021-45836
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
Terra-master Tos 4.2.15-2107141517
10
CVSSv2
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
Terra-master Tos 4.2.15-2107141517
5
CVSSv2
CVE-2021-45842
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS...
Terra-master Tos 4.2.15-2107141517
4.3
CVSSv2
CVE-2018-13349
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript via the user's username.
Terra-master Terramaster Operating System 3.1.03
7.5
CVSSv2
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute SQL queries via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
3.5
CVSSv2
CVE-2018-13351
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript via the edit password form.
Terra-master Terramaster Operating System 3.1.03
5
CVSSv2
CVE-2018-13352
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows malicious users to view active session tokens in a world-readable directory.
Terra-master Terramaster Operating System 3.1.03
9
CVSSv2
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute commands via the "checkport" parameter.
Terra-master Terramaster Operating System 3.1.03
10
CVSSv2
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »