Every CVE whose affected-product data names Terra-master Tos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2020-15568 — CVSS 9.8 (critical): TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method…
CVE-2021-45840 — CVSS 9.8 (critical): It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically…
CVE-2021-45837 — CVSS 9.8 (critical): It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically…
CVE-2020-28187 — CVSS 9.8 (critical): Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any…
CVE-2020-28188 — CVSS 9.8 (critical): Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via…
CVE-2021-45836 — CVSS 8.8 (high): An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a…
CVE-2020-29189 — CVSS 8.1 (high): Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction…
CVE-2021-45841 — CVSS 8.1 (high): In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address…
CVE-2021-45842 — CVSS 7.5 (high): It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as…
CVE-2020-28186 — CVSS 7.3 (high): Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve…
CVE-2021-45839 — CVSS 6.5 (medium): It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as…
CVE-2020-28190 — CVSS 5.9 (medium): TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP)…
CVE-2020-28184 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or…
CVE-2020-28185 — CVSS 5.3 (medium): User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the…