Описание
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-28188
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities
- https://www.terra-master.com
- http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
CVSS3: 9.8
fstec
около 5 лет назад
Уязвимость параметра «Event» (/include/makecvs.php) операционной системы TerraMaster TOS, позволяющая нарушителю выполнить произвольный код