Filtered by vendor Terra-master
Subscriptions
Filtered by product Terramaster Operating System
Subscriptions
Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | ||||
CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | ||||
CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | ||||
CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | ||||
CVE-2018-13332 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | ||||
CVE-2020-35665 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-04 | 9.8 Critical |
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | ||||
CVE-2022-24989 | 1 Terra-master | 30 F2-210, F2-221, F2-223 and 27 more | 2024-08-03 | 9.8 Critical |
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used. | ||||
CVE-2022-24990 | 1 Terra-master | 30 F2-210, F2-221, F2-223 and 27 more | 2024-08-03 | 7.5 High |
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. |