The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33.
TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched.”
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
The vendor stated that version 3.1.03 of TerraMaster TOS is no longer vulnerable to this vulnerability, the latest version of the software can be obtained from: http://download.terra-master.com/download.php.