Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master terramaster operating system vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
7.5
CVSSv3
CVE-2022-24990
TerraMaster NAS 4.2.29 and previous versions allows remote malicious users to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terra-master Terramaster Operating System
1 Metasploit module
5 Github repositories
9.8
CVSSv3
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
1 Metasploit module
8.8
CVSSv3
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows malicious users to execute system commands via the "newname" parameter.
Terra-master Terramaster Operating System 3.1.03
7.2
CVSSv3
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands during group creation via the "groupname" parameter.
Terra-master Terramaster Operating System 3.1.03
6.1
CVSSv3
CVE-2018-13331
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript when viewing users by placing JavaScript in their usernames.
Terra-master Terramaster Operating System 3.1.03
7.5
CVSSv3
CVE-2018-13332
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows malicious users to upload files to arbitrary locations via the "path" URL parameter.
Terra-master Terramaster Operating System 3.1.03
6.1
CVSSv3
CVE-2018-13333
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
Terra-master Terramaster Operating System 3.1.03
5.4
CVSSv3
CVE-2018-13335
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows malicious users to execute JavaScript when viewing shared folders via their descriptions.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "pwd" parameter during user creation.
Terra-master Terramaster Operating System 3.1.03
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »