Vulnerabilities > Terra Master > Terramaster Operating System > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-07	CVE-2022-24990	Missing Authentication for Critical Function vulnerability in Terra-Master Terramaster Operating System TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. network low complexity terra-master CWE-306	7.5
2018-11-27	CVE-2018-13350	SQL Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. network low complexity terra-master CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.