PT-2020-16944 · Terramaster · Terramaster Tos

Published

2020-12-24

Updated

2020-12-28

CVE-2020-28190

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions TerraMaster TOS versions prior to 4.2.07

Description The issue allows man-in-the-middle attackers to intercept update requests and serve malicious updates or applications, as the update checks are performed via an insecure channel, specifically HTTP.

Recommendations For versions prior to 4.2.07, update to version 4.2.07 or later to ensure update checks are performed securely.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-28190

Affected Products

Terramaster Tos

PT-2020-16944 · Terramaster · Terramaster Tos

CVE-2020-28190

Related Identifiers

Affected Products

References · 4