terra-master terramaster_operating_system の CVE(28 件)

CVE 件数: 28 CPE versions: View versions table

概要

本ページは terra-master terramaster_operating_system に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 120 / 28 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-24989 TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used. [email protected] 9.8 31.88% 2023-08-20 2026-06-17
CVE-2022-24990 KEV TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. [email protected] 7.5 84.05% 2023-02-07 2026-06-17
CVE-2020-35665 An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. [email protected] 9.8 78.14% 2020-12-23 2026-06-16
CVE-2018-13418 System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. [email protected] 8.8 5.18% 2018-11-27 2026-06-16
CVE-2018-13361 User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. [email protected] 5.3 16.93% 2018-11-27 2026-06-16
CVE-2018-13360 Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. [email protected] 6.1 1.32% 2018-11-27 2026-06-16
CVE-2018-13359 Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. [email protected] 8.8 19.88% 2018-11-27 2026-06-16
CVE-2018-13358 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. [email protected] 8.8 24.95% 2018-11-27 2026-06-16
CVE-2018-13357 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. [email protected] 5.4 0.85% 2018-11-27 2026-06-16
CVE-2018-13356 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. [email protected] 8.8 2.01% 2018-11-27 2026-06-16
CVE-2018-13355 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. [email protected] 6.5 1.06% 2018-11-27 2026-06-16
CVE-2018-13354 System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. [email protected] 9.8 22.86% 2018-11-27 2026-06-16
CVE-2018-13353 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. [email protected] 8.8 5.95% 2018-11-27 2026-06-16
CVE-2018-13352 Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. [email protected] 7.5 1.93% 2018-11-27 2026-06-16
CVE-2018-13351 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. [email protected] 4.8 0.86% 2018-11-27 2026-06-16
CVE-2018-13350 SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. [email protected] 9.8 16.66% 2018-11-27 2026-06-16
CVE-2018-13349 Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. [email protected] 6.1 1.08% 2018-11-27 2026-06-16
CVE-2018-13338 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. [email protected] 9.8 10.23% 2018-11-27 2026-06-16
CVE-2018-13336 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. [email protected] 9.8 9.10% 2018-11-27 2026-06-16
CVE-2018-13335 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. [email protected] 5.4 0.85% 2018-11-27 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence