CVE-2020-35665

Опубликовано: 23 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Высокий

Описание

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

Ссылки

http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html
https://www.exploit-db.com/exploits/49330
Exploit
Third Party Advisory
VDB Entry
https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html
https://www.exploit-db.com/exploits/49330
Exploit
Third Party Advisory
VDB Entry
https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:terra-master:terramaster_operating_system:*:*:*:*:*:*:*:*

Версия до 4.2.06 (включая)

EPSS

Процентиль: 100%

0.89253

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-wf5j-wf7x-99jg