TerraMaster TOS <= 4.2.06 Remote Command Execution (RCE) Vulnerability

TerraMaster TOS <= 4.2.06 Remote Command Execution (RCE) Vulnerability

CVE-2020-28188 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

Learn more about our Web Application Penetration Testing UK.