Terra-master CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (47 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-18384	1 Terra-master	2 Fs-210, Fs-210 Firmware	2024-11-21	6.5 Medium
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=public%25252Fadmin_OnlyRead.txt substring.
CVE-2019-18383	1 Terra-master	2 Fs-210, Fs-210 Firmware	2024-11-21	7.5 High
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
CVE-2019-18195	1 Terra-master	2 F2-210, F2-210 Firmware	2024-11-21	8.8 High
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
CVE-2018-13418	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
CVE-2018-13361	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVE-2018-13360	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVE-2018-13359	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVE-2018-13358	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
CVE-2018-13357	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVE-2018-13356	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
CVE-2018-13355	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
CVE-2018-13354	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
CVE-2018-13353	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
CVE-2018-13352	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
CVE-2018-13351	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVE-2018-13350	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
CVE-2018-13349	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVE-2018-13338	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
CVE-2018-13337	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
CVE-2018-13336	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.

« first previous Page 2 of 3. next last »