CVE-2020-28186
- EPSS 30.02%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:26
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
- EPSS 64.16%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:26
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to ...
- EPSS 93.44%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:27
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
CVE-2020-28190
- EPSS 0.24%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:22:27
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or upd...
CVE-2020-29189
- EPSS 0.16%
- Veröffentlicht 24.12.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:23:46
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS