CVE-2018-13354
CRITICAL IN THE WILDTerraMaster TOS 3.1.03 - OS Command Injection via Event Parameter
Title source: llmExploitation Summary
CVE-2018-13354 has been observed exploited in the wild (reported by InTheWild.io).
Description
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a
Scores
CVSS v3
9.8
EPSS
0.2286
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
InTheWild.io
2021-04-18
CWE
CWE-78
Status
published
Products (1)
terra-master/terramaster_operating_system
3.1.03
Published
Nov 27, 2018
Tracked Since
Feb 18, 2026