CVE-2020-28188 Scanner

TerraMaster TOS is a network-attached storage (NAS) operating system that is used for data storage and backup purposes. This product is commonly used in small to medium-sized businesses or home offices to store and share data securely. It comes with a user-friendly interface that allows easy configuration and management of the system.

The CVE-2020-28188 vulnerability is a critical Remote Command Execution (RCE) security flaw that affects TerraMaster TOS versions up to 4.2.06. This vulnerability allows unauthorized remote attackers to execute arbitrary commands through the /include/makecvs.php file in the Event parameter. Once exploited, attackers can gain full control over the system and steal sensitive information, corrupt or delete files, or install malware.

When exploited, this vulnerability can lead to severe consequences, including data loss, unauthorized access to confidential information, and system compromise. Attackers can install backdoors and gain persistence on the system, making it a constant threat for the organization. Moreover, this vulnerability can also lead to reputational and financial loss.

Thanks to the pro features of the securityforeveryone.com platform, users can easily and quickly learn about vulnerabilities in their digital assets. With securityforeveryone.com, users can scan their systems for vulnerabilities, get detailed reports on security issues, and receive recommendations to secure their systems. Stay safe and protected with Security for Everyone.

REFERENCES

• https://www.terra-master.com/ 
• https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ 
• https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ 
• http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html