5 matches found
CVE-2020-15568
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...
FreakOut Botnet Turns DVRs Into Monero Cryptominers
Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the...
CVE-2020-15568
creationtimestamp| type| source ---|---|--- 2021-06-09 06:36:44+00:00| seen| https://t.me/pwnwikizhchannel/623 2022-06-08 21:34:32+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/1593 2024-11-30 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabiliti...
TerraMaster TOS Command Injection (CVE-2020-15568)
A command injection vulnerability exists in TerraMaster TOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-15568
TerraMaster TOS before 4.1.29 contains a dynamic class method invocation flaw in include/exportUser.php due to invalid parameter checking. An attacker can trigger a call to exec with OS commands (e.g., via the opt parameter), enabling remote code execution as root. Public guidance notes remediati...