Title:Terramaster TOS 权限许可和访问控制问题漏洞 (CVE-2020-28185) Description:Terramaster TOS是中国深圳市图美电子技术(Terramaster)公司的一款基于Linux平台的,专用于erraMaster云存储NAS服务器的操作系统。 TerraMaster TOS 4.2.06版本及之前版本存在安全漏洞,该漏洞允许远程未经身份验证的攻击者可利用该漏洞通过向导initialize .php的用户名参数识别系统内的有效用户。
File Snapshot
# TerraMaster TOS 用户枚举漏洞 CVE-2020-28185
## 漏洞描述
TerraMaster TOS 存在用户枚举漏洞,通过wizard/initialise.php页面
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.