Vulnerabilities > Terra Master > Terramaster Operating System > 4.2.29
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-20 | CVE-2022-24989 | Injection vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. | 9.8 |
| 2023-02-07 | CVE-2022-24990 | Missing Authentication for Critical Function vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. | 7.5 |