What is CVE-2020-35665?

CVE-2020-35665 is a vulnerability in N/a. Published 2020-12-23.

Is CVE-2020-35665 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

EPSS: 0.886 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
cyb3r-w0lf/nuclei-template-collection
h00die-gr3y/Metasploit

References

www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-…
49330 (exploit)
packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Executi…

Frequently asked questions

What is CVE-2020-35665?: CVE-2020-35665 is a vulnerability in N/a. Published 2020-12-23.
Is CVE-2020-35665 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.