Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-48185
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote malicious user to obtain sensitive information via a crafted GET request.
Terra-mater Terra-master
668
VMScore
CVE-2021-30127
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json pr...
Terra-master F2-210 Firmware
890
VMScore
CVE-2017-9328
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS prior to 3.0.34 leads to remote code execution as root.
Terra-master Terramaster Operating System
1000
VMScore
CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
440
VMScore
CVE-2021-45839
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS...
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
720
VMScore
CVE-2021-45841
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated ...
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
356
VMScore
CVE-2019-18384
An issue exists on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
Terra-master Fs-210 Firmware 4.0.19
445
VMScore
CVE-2019-18385
An issue exists on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
Terra-master Fs-210 Firmware 4.0.19
890
VMScore
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
445
VMScore
CVE-2019-18383
An issue exists on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
Terra-master Fs-210 Firmware 4.0.19
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »