vulnerability

TerraMaster TOS Remote Code Execution (CVE-2020-28188)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 24, 2020

Added

Jan 26, 2021

Modified

Jan 26, 2021

Description

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

Solution

terramaster-tos-upgrade-latest

References

CVE-2020-28188
https://attackerkb.com/topics/CVE-2020-28188
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
https://www.terra-master.com/us/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report