Vulnerabilities (CVE)

Filtered by vendor Terra-master Subscribe

Filtered by product F2-210

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-24989	1 Terra-master	30 F2-210, F2-221, F2-223 and 27 more	2023-08-24	N/A	9.8 CRITICAL
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
CVE-2021-45837	1 Terra-master	3 F2-210, F4-210, Tos	2022-05-05	10.0 HIGH	9.8 CRITICAL
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.
CVE-2021-45840	1 Terra-master	3 F2-210, F4-210, Tos	2022-05-05	10.0 HIGH	9.8 CRITICAL
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.