PT-2020-16941 · Terramaster · Terramaster Tos

R00T

Published

2020-12-24

Updated

2020-12-28

CVE-2020-28186

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions TerraMaster TOS versions prior to 4.2.07

Description The issue allows remote unauthenticated attackers to abuse the forget password functionality, which can lead to account takeover.

Recommendations For versions prior to 4.2.07, update to version 4.2.07 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2020-28186

Terramaster Tos