Terra Master Terra Master

  1. Vendors
  2. Terra Master

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Terra Master product.

RSS Feeds for Terra Master security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Terra Master products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Terra Master Sorted by Most Security Vulnerabilities since 2018

Terra Master Terramaster Operating System26 vulnerabilities

Terra Master Tos1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Terra Master. Terra Master did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 0 0.00
2023 1 9.80
2022 0 0.00
2021 0 0.00
2020 2 9.80
2019 0 0.00
2018 24 7.28

It may take a day or so for new Terra Master vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Terra Master Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2022-24990 Feb 07, 2023
TerraMaster NAS <=4.2.29 Remote Admin Password Disclosure via API TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
Terramaster Operating System
CVE-2020-28188 Dec 24, 2020
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
Tos
CVE-2020-35665 Dec 23, 2020
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Terramaster Operating System
CVE-2018-13353 Nov 27, 2018
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
Terramaster Operating System
CVE-2018-13352 Nov 27, 2018
Session Exposure in the web application for TerraMaster TOS version 3.1.03 Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
Terramaster Operating System
CVE-2018-13354 Nov 27, 2018
System command injection in logtable.php in TerraMaster TOS version 3.1.03 System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
Terramaster Operating System
CVE-2018-13355 Nov 27, 2018
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
Terramaster Operating System
CVE-2018-13356 Nov 27, 2018
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
Terramaster Operating System
CVE-2018-13357 Nov 27, 2018
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
Terramaster Operating System
CVE-2018-13360 Nov 27, 2018
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
Terramaster Operating System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.