Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:terra-master:tos:4.2.06:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-29189 |
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2020-28190 |
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates. Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-28188 |
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2020-28187 |
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php. Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2020-28186 |
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover. Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 7.3 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-28185 |
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2020-28184 |
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. Published: December 24, 2020; 10:15:13 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |