Vulnerability Details CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.642
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2020-28187
-
cpe:2.3:o:terra-master:tos:-
-
cpe:2.3:o:terra-master:tos:4.0.02
-
cpe:2.3:o:terra-master:tos:4.0.09
-
cpe:2.3:o:terra-master:tos:4.0.17
-
cpe:2.3:o:terra-master:tos:4.0.18
-
cpe:2.3:o:terra-master:tos:4.1.18
-
cpe:2.3:o:terra-master:tos:4.1.21
-
cpe:2.3:o:terra-master:tos:4.1.24
-
cpe:2.3:o:terra-master:tos:4.1.27
-
cpe:2.3:o:terra-master:tos:4.1.28
-
cpe:2.3:o:terra-master:tos:4.1.29
-
cpe:2.3:o:terra-master:tos:4.1.30
-
cpe:2.3:o:terra-master:tos:4.1.31
-
cpe:2.3:o:terra-master:tos:4.2.04
-
cpe:2.3:o:terra-master:tos:4.2.05
-
cpe:2.3:o:terra-master:tos:4.2.06