CVE-2020-28186
- EPSS 4.13%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:26
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
- EPSS 16.35%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:26
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to ...
- EPSS 96.6%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:27
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
CVE-2020-28190
- EPSS 0.78%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:27
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or upd...
CVE-2020-29189
- EPSS 1.24%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:23:46
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS