10 matches found
TerraMaster TOS - Unauthenticated Remote Command Execution
TerraMaster TOS = 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. id: CVE-2020-28188 info: name: TerraMaster TOS - Unauthenticated Remote Command Execution...
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as...
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06 and lower via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system und...
FreakOut Botnet Turns DVRs Into Monero Cryptominers
Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the...
TerraMaster TOS Command Injection (CVE-2020-28188)
A command injection vulnerability exists in TerraMaster TOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-28188
creationtimestamp| type| source ---|---|--- 2020-12-24 18:55:46+00:00| seen| https://t.me/cibsecurity/21288 2021-05-07 09:09:49+00:00| seen| https://t.me/pwnwikizhchannel/382 2023-06-09 23:11:26+00:00| seen|...
CVE-2020-28188
Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...
CVE-2020-28188
Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Recent assessments: gwillcox-r7 at January 21, 2021 3:28am UTC reported: Noted as exploited in the wild by CheckPoint...
CVE-2020-28188
Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...
CVE-2020-28188
TerraMaster TOS is affected up to version 4.2.06 with unauthenticated remote code execution via /include/makecvs.php in the Event parameter. The underlying issue is a command-injection flaw that lets an attacker run arbitrary OS commands on the system, typically with the web app user privileges. ...