VulnCheck KEV: CVE-2022-24990

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

PT-2022-1803 · Terramaster · Terramaster Tos

Name of the Vulnerable Software and Affected Versions: TerraMaster OS versions 4.2.29 and earlier Description: The issue is related to the webNasIPS module in TerraMaster OS, which allows for the injection of arbitrary commands. This can enable a remote attacker to gain access to protected...

CVE-2020-28185

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...

PT-2020-17380 · Terramaster · Terramaster Tos

Name of the Vulnerable Software and Affected Versions: TerraMaster TOS versions 4.2.06 and earlier Description: An unauthenticated command-execution issue exists via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. Recommendations: For TerraMaster TOS versio...

TerraMaster Operating System SQL Injection

SQL Injection vulnerability in TerraMaster Operating System Event parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...