Vulnerabilities > Terra Master
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-23 | CVE-2019-18384 | Unspecified vulnerability in Terra-Master Fs-210 Firmware 4.0.19 An issue was discovered on TerraMaster FS-210 4.0.19 devices. | 4.0 |
| 2019-10-23 | CVE-2019-18383 | Missing Authorization vulnerability in Terra-Master Fs-210 Firmware 4.0.19 An issue was discovered on TerraMaster FS-210 4.0.19 devices. | 5.0 |
| 2018-11-27 | CVE-2018-13418 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | 9.0 |
| 2018-11-27 | CVE-2018-13361 | Improper Input Validation vulnerability in Terra-Master Terramaster Operating System 3.1.03 User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | 5.0 |
| 2018-11-27 | CVE-2018-13360 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | 4.3 |
| 2018-11-27 | CVE-2018-13359 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | 6.8 |
| 2018-11-27 | CVE-2018-13358 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | 9.0 |
| 2018-11-27 | CVE-2018-13357 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | 3.5 |
| 2018-11-27 | CVE-2018-13356 | Incorrect Authorization vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | 9.0 |
| 2018-11-27 | CVE-2018-13355 | Incorrect Permission Assignment for Critical Resource vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | 4.0 |