Terra Master Terramaster Operating System

By the Year

In 2026 there have been 0 vulnerabilities in Terra Master Terramaster Operating System. Terramaster Operating System did not have any published security vulnerabilities last year.

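| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 9.80 |
| 2019 | 0 | 0.00 |
| 2018 | 24 | 7.28 |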

It may take a day or so for new Terramaster Operating System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Terra Master Terramaster Operating System Security Vulnerabilities

TerraMaster NAS <=4.2.29 Remote Admin Password Disclosure via API
CVE-2022-24990 9.8 - Critical - February 07, 2023

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

Missing Authentication for Critical Function

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06
CVE-2020-35665 9.8 - Critical - December 23, 2020

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

Shell injection

Session Exposure in the web application for TerraMaster TOS version 3.1.03
CVE-2018-13352 7.5 - High - November 27, 2018

Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.

Information Disclosure

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03
CVE-2018-13418 8.8 - High - November 27, 2018

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

Shell injection

User enumeration in usertable.php in TerraMaster TOS version 3.1.03
CVE-2018-13361 5.3 - Medium - November 27, 2018

User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.

Improper Input Validation

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03
CVE-2018-13360 6.1 - Medium - November 27, 2018

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

XSS

Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03
CVE-2018-13359 8.8 - High - November 27, 2018

Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

XSS

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13358 8.8 - High - November 27, 2018

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

Shell injection

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03
CVE-2018-13357 5.4 - Medium - November 27, 2018

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.

XSS

Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13356 8.8 - High - November 27, 2018

Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.

AuthZ

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13355 6.5 - Medium - November 27, 2018

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

Incorrect Permission Assignment for Critical Resource

System command injection in logtable.php in TerraMaster TOS version 3.1.03
CVE-2018-13354 9.8 - Critical - November 27, 2018

System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

Shell injection

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13353 8.8 - High - November 27, 2018

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.

Shell injection

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03
CVE-2018-13351 4.8 - Medium - November 27, 2018

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.

XSS

SQL injection in logtable.php in TerraMaster TOS version 3.1.03
CVE-2018-13350 9.8 - Critical - November 27, 2018

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.

SQL Injection

Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03
CVE-2018-13349 6.1 - Medium - November 27, 2018

Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.

XSS

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13338 9.8 - Critical - November 27, 2018

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.

Shell injection

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13336 9.8 - Critical - November 27, 2018

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.

Shell injection

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03
CVE-2018-13335 5.4 - Medium - November 27, 2018

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.

XSS

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03
CVE-2018-13333 6.1 - Medium - November 27, 2018

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.

XSS

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03
CVE-2018-13332 7.5 - High - November 27, 2018

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.

Directory traversal

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03
CVE-2018-13331 6.1 - Medium - November 27, 2018

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.

XSS

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13330 7.2 - High - November 27, 2018

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

Shell injection

Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03
CVE-2018-13329 6.1 - Medium - November 27, 2018

Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.

XSS

Session Fixation in the web application for TerraMaster TOS version 3.1.03
CVE-2018-13337 5.4 - Medium - November 27, 2018

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

Session Fixation

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03
CVE-2018-13334 6.1 - Medium - November 27, 2018

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.

XSS
