What is CVE-2020-28188?

CVE-2020-28188 is a vulnerability in N/a. Published 2020-12-24.

Is CVE-2020-28188 known to be exploited?

22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-28188

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

EPSS: 0.934 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
0day404/vulnerability-poc
20142995/Goby
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
Dark-Clown-Security/RCE_
EdgeSecurityTeam/Vulnerability
Elsfa7-110/kenzer-templates

References

www.terra-master.com/
www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-cre…
packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Executi…

Frequently asked questions

What is CVE-2020-28188?: CVE-2020-28188 is a vulnerability in N/a. Published 2020-12-24.
Is CVE-2020-28188 known to be exploited?: 22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.