Vulnerabilities > Terra Master > Terramaster Operating System > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-07 | CVE-2022-24990 | Missing Authentication for Critical Function vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. | 7.5 |
| 2018-11-27 | CVE-2018-13418 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13359 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13358 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13356 | Incorrect Authorization vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | 8.8 |
| 2018-11-27 | CVE-2018-13353 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | 8.8 |
| 2018-11-27 | CVE-2018-13352 | Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03 Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | 7.5 |
| 2018-11-27 | CVE-2018-13332 | Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03 Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | 7.5 |
| 2018-11-27 | CVE-2018-13330 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | 7.2 |