Vulnerabilities > Terra Master

DATE CVE VULNERABILITY TITLE RISK
2022-04-25 CVE-2021-45836 Unspecified vulnerability in Terra-Master TOS 4.2.152107141517
An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app.
network
low complexity
terra-master
critical
9.0
2022-04-25 CVE-2021-45837 Unspecified vulnerability in Terra-Master TOS 4.2.152107141517
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
network
low complexity
terra-master
critical
10.0
2022-04-25 CVE-2021-45839 Unspecified vulnerability in Terra-Master TOS 4.2.152107141517
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc.
network
low complexity
terra-master
4.0
2022-04-25 CVE-2021-45840 Unspecified vulnerability in Terra-Master TOS 4.2.152107141517
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.
network
low complexity
terra-master
critical
10.0
2022-04-25 CVE-2021-45841 Unspecified vulnerability in Terra-Master TOS 4.2.152107141517
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash.
network
terra-master
6.8
2022-04-25 CVE-2021-45842 Unspecified vulnerability in Terra-Master TOS 4.2.152107141517
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc.
network
low complexity
terra-master
5.0
2021-04-03 CVE-2021-30127 Incorrect Authorization vulnerability in Terra-Master F2-210 Firmware 4.0.19
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation.
network
low complexity
terra-master CWE-863
7.5
2021-01-30 CVE-2020-15568 OS Command Injection vulnerability in Terra-Master TOS
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root.
network
low complexity
terra-master CWE-78
critical
10.0
2020-12-24 CVE-2020-29189 Incorrect Authorization vulnerability in Terra-Master TOS
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS
network
low complexity
terra-master CWE-863
5.5
2020-12-24 CVE-2020-28190 Unspecified vulnerability in Terra-Master TOS
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP).
network
terra-master
4.3