Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master vulnerabilities and exploits
(subscribe to this query)
892
VMScore
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated malicious users to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtabl...
Terra-master Tos
891
VMScore
CVE-2020-15568
TerraMaster TOS prior to 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the...
Terra-master Tos
2 Github repositories
607
VMScore
CVE-2020-28186
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated malicious users to abuse the forget password functionality and achieve account takeover.
Terra-master Tos
383
VMScore
CVE-2020-28190
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.
Terra-master Tos
312
VMScore
CVE-2020-28184
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.
Terra-master Tos
447
VMScore
CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated malicious users to identify valid users within the system via the username parameter to wizard/initialise.php.
Terra-master Tos
890
VMScore
CVE-2020-28188
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated malicious users to inject OS commands via /include/makecvs.php in Event parameter.
Terra-master Tos
1 Github repository
490
VMScore
CVE-2020-29189
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated malicious users to bypass read-only restriction and obtain full access to any folder within the NAS
Terra-master Tos
NA
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
NA
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »