Terramaster Operating System CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (28 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-24990	1 Terra-master	30 F2-210, F2-221, F2-223 and 27 more	2025-07-30	9.8 Critical
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
CVE-2017-9328	1 Terra-master	1 Terramaster Operating System	2025-04-20	N/A
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.
CVE-2022-24989	1 Terra-master	30 F2-210, F2-221, F2-223 and 27 more	2024-11-21	9.8 Critical
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
CVE-2020-35665	1 Terra-master	1 Terramaster Operating System	2024-11-21	9.8 Critical
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
CVE-2018-13418	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
CVE-2018-13361	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVE-2018-13360	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVE-2018-13359	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVE-2018-13358	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
CVE-2018-13357	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVE-2018-13356	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
CVE-2018-13355	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
CVE-2018-13354	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
CVE-2018-13353	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
CVE-2018-13352	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
CVE-2018-13351	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVE-2018-13350	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
CVE-2018-13349	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVE-2018-13338	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
CVE-2018-13337	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

Page 1 of 2. next last »