Vulnerabilities > Terra Master > TOS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-25 | CVE-2021-45839 | Unspecified vulnerability in Terra-Master TOS 4.2.152107141517 It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. | 6.5 |
| 2020-12-24 | CVE-2020-28190 | Unspecified vulnerability in Terra-Master TOS TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). | 5.9 |
| 2020-12-24 | CVE-2020-28185 | Unspecified vulnerability in Terra-Master TOS User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | 5.3 |
| 2020-12-24 | CVE-2020-28184 | Cross-site Scripting vulnerability in Terra-Master TOS Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. | 5.4 |