threat
engine
.sh
Back
·
··:··
Home
/
Product
/
terra master terramaster operating system
Product
terra master terramaster operating system
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2022-24989
< 4.2.31
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring param
9.8
CRITICAL
CVE-2022-24990
< 4.2.31
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" t
7.5
HIGH
CVE-2020-35665
<= 4.2.06
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event
9.8
CRITICAL
CVE-2018-13418
all versions
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" p
8.8
HIGH
CVE-2018-13361
all versions
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" p
5.3
MEDIUM
CVE-2018-13360
all versions
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" UR
6.1
MEDIUM
CVE-2018-13359
all versions
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup"
8.8
HIGH
CVE-2018-13358
all versions
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "ch
8.8
HIGH
CVE-2018-13357
all versions
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared
5.4
MEDIUM
CVE-2018-13356
all versions
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
8.8
HIGH
CVE-2018-13355
all versions
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper a
6.5
MEDIUM
CVE-2018-13354
all versions
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Ev
9.8
CRITICAL
CVE-2018-13353
all versions
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport
8.8
HIGH
CVE-2018-13352
all versions
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a wor
7.5
HIGH
CVE-2018-13351
all versions
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit passwo
4.8
MEDIUM
CVE-2018-13350
all versions
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
9.8
CRITICAL
CVE-2018-13349
all versions
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via t
6.1
MEDIUM
CVE-2018-13338
all versions
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "us
9.8
CRITICAL
CVE-2018-13336
all versions
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pw
9.8
CRITICAL
CVE-2018-13335
all versions
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared
5.4
MEDIUM
CVE-2018-13333
all versions
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions w
6.1
MEDIUM
CVE-2018-13332
all versions
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary lo
7.5
HIGH
CVE-2018-13331
all versions
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users
6.1
MEDIUM
CVE-2018-13330
all versions
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during grou
7.2
HIGH
CVE-2018-13337
all versions
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via
5.4
MEDIUM
CVE-2018-13334
all versions
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysna
6.1
MEDIUM
CVE-2018-13329
all versions
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL
6.1
MEDIUM
CVE-2017-9328
<= 3.0.33
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin