CVE-2018-13354

CRITICAL IN THE WILD

TerraMaster TOS 3.1.03 - OS Command Injection via Event Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-13354 has been observed exploited in the wild (reported by InTheWild.io).

Description

System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.2286
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

InTheWild.io 2021-04-18
CWE
CWE-78
Status published
Products (1)
terra-master/terramaster_operating_system 3.1.03
Published Nov 27, 2018
Tracked Since Feb 18, 2026