Vulnerabilities > Terra Master > Terramaster Operating System > 3.0.33
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | 9.8 |
| 2023-02-07 | CVE-2022-24990 | Missing Authentication for Critical Function vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. | 7.5 |
| 2020-12-23 | CVE-2020-35665 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.0.33/3.1.03/4.2.06 An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | 9.8 |
| 2017-09-15 | CVE-2017-9328 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.0.33 Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | 9.8 |