CWE-78

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the “newname” parameter.

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the “checkport” parameter.

System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “Event” parameter.

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “checkName” parameter.

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the “name” parameter.

System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.