← Back

Terra Master

terra-master

47 CVEs • 35 products

Products (35)

Click to collapse
Toggle
Terramaster Operating System
terramaster_operating_system
28 CVEs
Tos
tos
14 CVEs
Fs 210 Firmware
fs-210_firmware
3 CVEs
F2 210 Firmware
f2-210_firmware
2 CVEs
Fs 210
fs-210
0 CVEs
F2 210
f2-210
0 CVEs
F4 210
f4-210
0 CVEs
F2 221
f2-221
0 CVEs
F2 223
f2-223
0 CVEs
F2 422
f2-422
0 CVEs
F2 423
f2-423
0 CVEs
F4 421
f4-421
0 CVEs
F4 422
f4-422
0 CVEs
F4 423
f4-423
0 CVEs
F5 221
f5-221
0 CVEs
F5 422
f5-422
0 CVEs
T12 423
t12-423
0 CVEs
T12 450
t12-450
0 CVEs
T6 423
t6-423
0 CVEs
T9 423
t9-423
0 CVEs
T9 450
t9-450
0 CVEs
U12 322 9100
u12-322-9100
0 CVEs
U12 423
u12-423
0 CVEs
U12 722 2224
u12-722-2224
0 CVEs
U16 322 9100
u16-322-9100
0 CVEs
U16 722 2224
u16-722-2224
0 CVEs
U24 722 2224
u24-722-2224
0 CVEs
U4 111
u4-111
0 CVEs
U4 211
u4-211
0 CVEs
U4 423
u4-423
0 CVEs
U8 111
u8-111
0 CVEs
U8 322 9100
u8-322-9100
0 CVEs
U8 423
u8-423
0 CVEs
U8 522 9400
u8-522-9400
0 CVEs
U8 722 2224
u8-722-2224
0 CVEs

CVEs (47)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-18384
1Terra Master
1Fs 210 Firmware
Nov 21, 2024
Oct 23, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substrin...Show more
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.Show less
CVE-2019-18383
1Terra Master
1Fs 210 Firmware
Nov 21, 2024
Oct 23, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
CVE-2018-13418
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
CVE-2018-13361
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVE-2018-13360
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVE-2018-13359
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVE-2018-13358
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
CVE-2018-13357
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVE-2018-13356
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
CVE-2018-13355
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
CVE-2018-13354
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
CVE-2018-13353
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
CVE-2018-13352
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
CVE-2018-13351
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVE-2018-13350
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
CVE-2018-13349
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVE-2018-13338
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
CVE-2018-13336
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
CVE-2018-13335
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVE-2018-13333
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.