Title:Terramaster TOS 授权问题漏洞 (CVE-2020-28186) Description:Terramaster TOS是中国深圳市图美电子技术(Terramaster)公司的一款基于Linux平台的,专用于erraMaster云存储NAS服务器的操作系统。 TerraMaster TOS 4.2.06版本及之前版本存在授权问题漏洞,该漏洞源于电子邮件注入,远程未经身份验证的攻击者可利用该漏洞滥用忘记密码功能,实现账户接管。
File Snapshot
# TerraMaster TOS 任意账号密码修改漏洞 CVE-2020-28186
## 漏洞描述
TerraMaster TOS <= 4.2.06中的电子邮件注入允许未经身份验证的远程攻击
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.