Vulnerabilities > CVE-2020-15568 - Improper Control of Dynamically-Managed Code Resources vulnerability in Terra-Master TOS

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

terra-master

CWE-913

critical

NVD

Published: 2021-01-30

Updated: 2021-07-21

Summary

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.

Vulnerable Configurations

Part	Description	Count
OS	Terra-Master Terra Master TOS - Terra Master TOS 4.0.02 Terra Master TOS 4.0.09 Terra Master TOS 4.0.17 Terra Master TOS 4.0.18 Terra Master TOS 4.1.18 Terra Master TOS 4.1.21 Terra Master TOS 4.1.24 Terra Master TOS 4.1.27 Terra Master TOS 4.1.28	10

Common Weakness Enumeration (CWE)

CWE-913 - Improper Control of Dynamically-Managed Code Resources

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References