CVE-2020-28188
CRITICAL WAF: High
CVSS 9.8
Published: 2020-12-24
CWE-78
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| terra-master | tos | up to 4.2.06 |
References
- packetstormsecurity.com
- research.checkpoint.com (Exploit, Third Party Advisory)
- www.ihteam.net (Exploit, Third Party Advisory)
- www.terra-master.com (Vendor Advisory)