Vulnerability Details CVE-2020-28186
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.3
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 6.8
References
Products affected by CVE-2020-28186
-
cpe:2.3:o:terra-master:tos:-
-
cpe:2.3:o:terra-master:tos:4.0.02
-
cpe:2.3:o:terra-master:tos:4.0.09
-
cpe:2.3:o:terra-master:tos:4.0.17
-
cpe:2.3:o:terra-master:tos:4.0.18
-
cpe:2.3:o:terra-master:tos:4.1.18
-
cpe:2.3:o:terra-master:tos:4.1.21
-
cpe:2.3:o:terra-master:tos:4.1.24
-
cpe:2.3:o:terra-master:tos:4.1.27
-
cpe:2.3:o:terra-master:tos:4.1.28
-
cpe:2.3:o:terra-master:tos:4.1.29
-
cpe:2.3:o:terra-master:tos:4.1.30
-
cpe:2.3:o:terra-master:tos:4.1.31
-
cpe:2.3:o:terra-master:tos:4.2.04
-
cpe:2.3:o:terra-master:tos:4.2.05
-
cpe:2.3:o:terra-master:tos:4.2.06