Tos@* Security Vulnerabilities and Issues — Tos@* CVE List

Lucene search

Terra-masterTos*

9 matches found

CVE•added 2020/12/24 3:15 p.m.•230 views

CVE-2020-28188

Remote Command Execution (RCE) vulnerability in TerraMaster TOS

10CVSS9.6AI score0.9344EPSS

CVE•added 2021/01/30 5:15 a.m.•203 views

CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.

10CVSS9.6AI score0.9312EPSS

CVE•added 2020/12/24 3:15 p.m.•56 views

CVE-2020-28185

User Enumeration vulnerability in TerraMaster TOS

5.3CVSS5.7AI score0.88628EPSS

CVE•added 2020/12/24 3:15 p.m.•50 views

CVE-2020-28187

Multiple directory traversal vulnerabilities in TerraMaster TOS

10CVSS9.1AI score0.64157EPSS

CVE•added 2020/12/24 3:15 p.m.•45 views

CVE-2020-28186

Email Injection in TerraMaster TOS

7.3CVSS8AI score0.30022EPSS

CVE•added 2020/12/24 3:15 p.m.•44 views

CVE-2020-29189

Incorrect Access Control vulnerability in TerraMaster TOS

8.1CVSS8.1AI score0.0022EPSS

CVE•added 2020/12/24 3:15 p.m.•42 views

CVE-2020-28190

TerraMaster TOS

5.9CVSS6.6AI score0.00241EPSS

CVE•added 2020/12/24 3:15 p.m.•41 views

CVE-2020-28184

Cross-site scripting (XSS) vulnerability in TerraMaster TOS

5.4CVSS5.6AI score0.00242EPSS

CVE•added 2024/06/14 3:15 p.m.•35 views

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions.

9.4CVSS6.8AI score0.00302EPSS