Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
terra-master tos vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24989
TerraMaster NAS up to and including 4.2.30 allows remote WAN malicious users to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because pop...
Terra-master Terramaster Operating System
1 Metasploit module
9.8
CVSSv3
CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
Terra-master Tos 4.2.15-2107141517
1 Metasploit module
9.8
CVSSv3
CVE-2021-45840
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
Terra-master Tos 4.2.15-2107141517
9.8
CVSSv3
CVE-2020-15568
TerraMaster TOS prior to 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the...
Terra-master Tos
2 Github repositories
9.8
CVSSv3
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated malicious users to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtabl...
Terra-master Tos
9.8
CVSSv3
CVE-2020-28188
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated malicious users to inject OS commands via /include/makecvs.php in Event parameter.
Terra-master Tos
1 Github repository
9.8
CVSSv3
CVE-2020-35665
An unauthenticated command-execution vulnerability exists in TerraMaster TOS up to and including 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terra-master Terramaster Operating System
9.8
CVSSv3
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute SQL queries via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "Event" parameter.
Terra-master Terramaster Operating System 3.1.03
9.8
CVSSv3
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows malicious users to execute system commands via the "pwd" parameter during user creation.
Terra-master Terramaster Operating System 3.1.03
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »