Vulnerabilities > Terra Master > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-25 | CVE-2021-45839 | Unspecified vulnerability in Terra-Master TOS 4.2.152107141517 It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. | 6.5 |
| 2020-12-24 | CVE-2020-28190 | Unspecified vulnerability in Terra-Master TOS TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). | 5.9 |
| 2020-12-24 | CVE-2020-28185 | Unspecified vulnerability in Terra-Master TOS User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | 5.3 |
| 2020-12-24 | CVE-2020-28184 | Cross-site Scripting vulnerability in Terra-Master TOS Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. | 5.4 |
| 2019-10-23 | CVE-2019-18384 | Unspecified vulnerability in Terra-Master Fs-210 Firmware 4.0.19 An issue was discovered on TerraMaster FS-210 4.0.19 devices. | 6.5 |
| 2018-11-27 | CVE-2018-13361 | Improper Input Validation vulnerability in Terra-Master Terramaster Operating System 3.1.03 User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | 5.3 |
| 2018-11-27 | CVE-2018-13360 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | 6.1 |
| 2018-11-27 | CVE-2018-13357 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | 5.4 |
| 2018-11-27 | CVE-2018-13355 | Incorrect Permission Assignment for Critical Resource vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | 6.5 |
| 2018-11-27 | CVE-2018-13351 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | 4.8 |