Vulnerability Details CVE-2020-28190
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2020-28190
-
cpe:2.3:o:terra-master:tos:-
-
cpe:2.3:o:terra-master:tos:4.0.02
-
cpe:2.3:o:terra-master:tos:4.0.09
-
cpe:2.3:o:terra-master:tos:4.0.17
-
cpe:2.3:o:terra-master:tos:4.0.18
-
cpe:2.3:o:terra-master:tos:4.1.18
-
cpe:2.3:o:terra-master:tos:4.1.21
-
cpe:2.3:o:terra-master:tos:4.1.24
-
cpe:2.3:o:terra-master:tos:4.1.27
-
cpe:2.3:o:terra-master:tos:4.1.28
-
cpe:2.3:o:terra-master:tos:4.1.29
-
cpe:2.3:o:terra-master:tos:4.1.30
-
cpe:2.3:o:terra-master:tos:4.1.31
-
cpe:2.3:o:terra-master:tos:4.2.04
-
cpe:2.3:o:terra-master:tos:4.2.05
-
cpe:2.3:o:terra-master:tos:4.2.06