Vulnerability feed

Vulnerability

CVE-2020-15568

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2020-15568
Description:: TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
Last updated date:: 07/21/2021

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 09/30/2021
Reference url to background: https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/21/2021
Reference url to background: https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/21/2023
Reference url to background: https://github.com/divinepwner/TerraMaster-TOS-CVE-2020-15568

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |