exploitDog

CVE-2020-28190

Опубликовано: 24 дек. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.

Ссылки

https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.terra-master.com/
Vendor Advisory
https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.terra-master.com/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*

Версия до 4.2.06 (включая)

EPSS

Процентиль: 47%

0.00241

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8vhf-89h2-fwh8

github

больше 3 лет назад

TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.

EPSS

Процентиль: 47%

0.00241

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo