← Back

Terra Master

terra-master

47 CVEs • 35 products

Products (35)

Click to collapse
Toggle
Terramaster Operating System
terramaster_operating_system
28 CVEs
Tos
tos
14 CVEs
Fs 210 Firmware
fs-210_firmware
3 CVEs
F2 210 Firmware
f2-210_firmware
2 CVEs
Fs 210
fs-210
0 CVEs
F2 210
f2-210
0 CVEs
F4 210
f4-210
0 CVEs
F2 221
f2-221
0 CVEs
F2 223
f2-223
0 CVEs
F2 422
f2-422
0 CVEs
F2 423
f2-423
0 CVEs
F4 421
f4-421
0 CVEs
F4 422
f4-422
0 CVEs
F4 423
f4-423
0 CVEs
F5 221
f5-221
0 CVEs
F5 422
f5-422
0 CVEs
T12 423
t12-423
0 CVEs
T12 450
t12-450
0 CVEs
T6 423
t6-423
0 CVEs
T9 423
t9-423
0 CVEs
T9 450
t9-450
0 CVEs
U12 322 9100
u12-322-9100
0 CVEs
U12 423
u12-423
0 CVEs
U12 722 2224
u12-722-2224
0 CVEs
U16 322 9100
u16-322-9100
0 CVEs
U16 722 2224
u16-722-2224
0 CVEs
U24 722 2224
u24-722-2224
0 CVEs
U4 111
u4-111
0 CVEs
U4 211
u4-211
0 CVEs
U4 423
u4-423
0 CVEs
U8 111
u8-111
0 CVEs
U8 322 9100
u8-322-9100
0 CVEs
U8 423
u8-423
0 CVEs
U8 522 9400
u8-522-9400
0 CVEs
U8 722 2224
u8-722-2224
0 CVEs

CVEs (47)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-13332
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
CVE-2018-13331
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVE-2018-13330
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
CVE-2018-13337
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
5.4 MEDIUM· v3
5.8 MEDIUM· v2
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
CVE-2018-13334
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVE-2018-13329
1Terra Master
1Terramaster Operating System
Nov 21, 2024
Nov 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVE-2017-9328
1Terra Master
1Terramaster Operating System
May 13, 2026
Sep 15, 2017
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.