Shodan
Vulnerabilities
Vulnerable Software
Terra-Master:  Security Vulnerabilities
CVE-2019-18385
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-10-23
CVE-2019-18383
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-10-23
CVE-2018-13359
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-11-27
CVE-2018-13360
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13361
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVSS Score
5.3
EPSS Score
0.016
Published
2018-11-27
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
CVSS Score
8.8
EPSS Score
0.12
Published
2018-11-27
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
CVSS Score
7.2
EPSS Score
0.126
Published
2018-11-27
CVE-2018-13331
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13332
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-27
CVE-2018-13333
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved