Vulnerability Details CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.896
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-28185
-
cpe:2.3:o:terra-master:tos:-
-
cpe:2.3:o:terra-master:tos:4.0.02
-
cpe:2.3:o:terra-master:tos:4.0.09
-
cpe:2.3:o:terra-master:tos:4.0.17
-
cpe:2.3:o:terra-master:tos:4.0.18
-
cpe:2.3:o:terra-master:tos:4.1.18
-
cpe:2.3:o:terra-master:tos:4.1.21
-
cpe:2.3:o:terra-master:tos:4.1.24
-
cpe:2.3:o:terra-master:tos:4.1.27
-
cpe:2.3:o:terra-master:tos:4.1.28
-
cpe:2.3:o:terra-master:tos:4.1.29
-
cpe:2.3:o:terra-master:tos:4.1.30
-
cpe:2.3:o:terra-master:tos:4.1.31
-
cpe:2.3:o:terra-master:tos:4.2.04
-
cpe:2.3:o:terra-master:tos:4.2.05
-
cpe:2.3:o:terra-master:tos:4.2.06