Known Vulnerabilities for products from Terra-master
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Terra-master".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Terra-master can be found at device.report : Terra-master
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24990 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-02-07 | 2023-08-08 |
| CVE-2022-24989 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-08-20 | 2023-08-24 |
| CVE-2021-45842 json | It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on... | 7.5 - HIGH | 2022-04-25 | 2022-05-05 |
| CVE-2021-45841 json | In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target'... | 8.1 - HIGH | 2022-04-25 | 2023-08-08 |
| CVE-2021-45840 json | It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending s... | 9.8 - CRITICAL | 2022-04-25 | 2022-05-05 |
| CVE-2021-45839 json | It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-... | 6.5 - MEDIUM | 2022-04-25 | 2023-06-12 |
| CVE-2021-45837 json | It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a... | 9.8 - CRITICAL | 2022-04-25 | 2023-06-12 |
| CVE-2021-45836 json | An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) ... | 8.8 - HIGH | 2022-04-25 | 2022-05-05 |
| CVE-2021-30127 json | TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port ... | 7.3 - HIGH | 2021-04-03 | 2022-07-12 |
| CVE-2020-35665 json | An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the E... | 9.8 - CRITICAL | 2020-12-23 | 2023-06-12 |
| CVE-2020-29189 json | Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only... | 8.1 - HIGH | 2020-12-24 | 2021-07-21 |
| CVE-2020-28190 json | TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Ma... | 5.9 - MEDIUM | 2020-12-24 | 2020-12-28 |
| CVE-2020-28188 json | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS... | 9.8 - CRITICAL | 2020-12-24 | 2023-06-12 |
| CVE-2020-28187 json | Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit ... | 9.8 - CRITICAL | 2020-12-24 | 2020-12-28 |
| CVE-2020-28186 json | Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionali... | 7.3 - HIGH | 2020-12-24 | 2020-12-28 |
| CVE-2020-28185 json | User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users w... | 5.3 - MEDIUM | 2020-12-24 | 2020-12-28 |
| CVE-2020-28184 json | Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary w... | 5.4 - MEDIUM | 2020-12-24 | 2020-12-28 |
| CVE-2020-15568 json | TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class me... | 9.8 - CRITICAL | 2021-01-30 | 2021-07-21 |
| CVE-2019-18385 json | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the incl... | 7.5 - HIGH | 2019-10-23 | 2019-10-30 |
| CVE-2019-18384 json | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauth... | 6.5 - MEDIUM | 2019-10-23 | 2020-08-24 |
Known software with vulnerabilities from Terra-master
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Terra-master | F2-210 | - |
| Operating System | Terra-master | F2-210 Firmware | 4.0.19 |
| Hardware | Terra-master | Fs-210 | - |
| Operating System | Terra-master | Fs-210 Firmware | 4.0.19 |
| Operating System | Terra-master | Terramaster Operating System | 3.1.03 |
| Operating System | Terra-master | Tos | - |
| Application | Terra-master | Tos | 3.0.33 |